1 00:00:00,390 --> 00:00:01,440 So welcome back, everyone. 2 00:00:01,470 --> 00:00:09,660 This session is about stored cross-site scripting. Well, unlike reflected 3 00:00:09,660 --> 00:00:13,000 XSS, stored XSS is all about persistence. 4 00:00:13,560 --> 00:00:22,210 So remember, what was the power of reflected XSS is that it was pretty easy. 5 00:00:22,230 --> 00:00:29,430 I mean, if, let's say, I want to compromise an individual user, I can just simply compromise 6 00:00:29,430 --> 00:00:34,530 any random website, any simple, you know, single page website as well. 7 00:00:34,560 --> 00:00:42,510 And, you know, I can then in fact, there is no small site where the developer or the owner of the 8 00:00:42,510 --> 00:00:43,530 website might be. 9 00:00:43,590 --> 00:00:51,860 It might not be taken care of, but security with it, I can probably try infecting it or probably all 10 00:00:51,930 --> 00:00:54,150 I can grab what is already infected. 11 00:00:54,810 --> 00:00:57,000 The problem was this. 12 00:00:57,270 --> 00:01:04,170 This I mean, reflected XSS takes a lot of energy and a lot of time as well, because that's where 13 00:01:04,170 --> 00:01:07,580 you have to concentrate on individual users. 14 00:01:07,590 --> 00:01:15,960 So let's say you need if a hacker basically needs thousands of thousands of victims, he will have to 15 00:01:15,960 --> 00:01:19,550 send in thousands of e-mails to all those users, phishing e-mails. 16 00:01:19,560 --> 00:01:19,850 Right. 17 00:01:20,250 --> 00:01:26,910 And then we can expect at least 50 percent or 60 percent of them get converted or compromised. 18 00:01:26,920 --> 00:01:31,590 In fact, stored XSS solves this problem for hackers. 19 00:01:31,620 --> 00:01:34,320 What happened is stored XSS. 20 00:01:35,820 --> 00:01:37,470 It's more of a persistence. 
21 00:01:37,520 --> 00:01:44,880 Let me show you how exactly when you look at this stored XSS and what happened is it's a persistence. 22 00:01:44,880 --> 00:01:53,130 It means that whatever you do, whatever hacker if let's say hacker compromises, if a hacker infects 23 00:01:53,130 --> 00:02:00,870 a website or finds a vulnerable website, or maybe he does something and gets it, 24 00:02:00,870 --> 00:02:04,670 gets it vulnerable to the stored XSS maybe. 25 00:02:05,100 --> 00:02:10,770 So if anything has been done it will still remain there, it will still remain there. 26 00:02:11,010 --> 00:02:18,750 And any user after that, maybe after a day, after two days, after three days, they're still getting 27 00:02:18,750 --> 00:02:19,460 compromised. 28 00:02:19,710 --> 00:02:24,270 What do you do if you look at the reflected, this is for every new user. 29 00:02:24,270 --> 00:02:28,230 That has to be a new link to be sent to the new victim. 30 00:02:28,500 --> 00:02:33,290 But with this stored XSS, there is only a one-time activity that needs to be done on the website. 31 00:02:34,260 --> 00:02:35,160 After all. 32 00:02:35,220 --> 00:02:40,980 After that, all the following users, all the following victims automatically get compromised. 33 00:02:41,250 --> 00:02:42,590 And that's what's going to happen. 34 00:02:43,290 --> 00:02:50,760 And that there is a very big incident happened, has happened, in fact, with MySpace as well, on 35 00:02:50,760 --> 00:02:54,110 back where the site got compromised. 36 00:02:54,210 --> 00:03:01,050 After that, like millions of the users, the hacker wasn't having many friends on his account. 37 00:03:01,470 --> 00:03:09,900 But when he made use of stored cross-site scripting through which in just just one minute he got 10 friend 38 00:03:09,900 --> 00:03:15,360 requests, after like 30 minutes he got 700 friend requests. 39 00:03:15,360 --> 00:03:19,950 After three hours, he got somewhere around 30000 friend requests. 
40 00:03:20,220 --> 00:03:24,930 And it kept happening until he got around one million friend requests. 41 00:03:25,230 --> 00:03:33,180 And after that, in fact, the platform, the social media platform itself, got the point that something something 42 00:03:33,180 --> 00:03:37,140 got wrong in the platform and that's how it got detected. 43 00:03:37,920 --> 00:03:44,000 So there was a very, very popular, very popular attack happening on the platform as well. 44 00:03:44,010 --> 00:03:45,920 But that's how it is. 45 00:03:45,930 --> 00:03:52,830 It was everybody started recognizing it and it was a part of the OWASP Top 10 vulnerabilities as well. 46 00:03:52,890 --> 00:03:53,240 Right. 47 00:03:53,250 --> 00:04:01,400 And still pretty much popular on many of the many of it's still active for many of the Web sites. 48 00:04:02,130 --> 00:04:05,670 So remember, there's a persistent nature. 49 00:04:05,670 --> 00:04:11,430 And also in this site, in this case, the site receives the malicious request and includes it within its 50 00:04:11,430 --> 00:04:14,520 later responses as well, HTTP responses. 51 00:04:15,540 --> 00:04:19,850 And it's easy to compromise millions of users with this attack. 52 00:04:19,860 --> 00:04:28,920 The reason is once you compromise this Web site, see, you can't really compromise on a Web site, 53 00:04:28,920 --> 00:04:36,780 which is not that maybe, you know, normal Web site where you have just 10 or 15 visitors coming in. 54 00:04:37,170 --> 00:04:43,050 If you infect that, you'll still be not sure how many, you know, and what will be the conversion rate, 55 00:04:43,050 --> 00:04:50,220 because a hacker would be spending like a day or maybe 20 days or 30 days or probably a month or months to 56 00:04:50,220 --> 00:04:51,570 infect a site. 57 00:04:51,570 --> 00:04:57,150 And if he doesn't get many visitors on those Web sites, it doesn't make sense. 58 00:04:57,150 --> 00:04:57,360 Right. 59 00:04:57,780 --> 00:04:59,940 So in order to get millions of users. 
60 00:05:00,010 --> 00:05:06,910 Or millions of conversions or maybe at least thousands of conversions, he needs a site which is pretty 61 00:05:06,910 --> 00:05:12,550 much popular, which is which could be an e-commerce, which could be any sort of, you know, other 62 00:05:12,550 --> 00:05:13,440 platform as well. 63 00:05:13,450 --> 00:05:13,690 Right. 64 00:05:13,720 --> 00:05:22,660 So the attacker needs such a platform where, if it has been impacted, if it is infected, 65 00:05:23,110 --> 00:05:29,920 all the following victims get automatically compromised without even doing any further activity. 66 00:05:29,960 --> 00:05:31,210 Do it right. 67 00:05:31,300 --> 00:05:39,300 So this is easy once the infection has been done, required an infected site, having huge visitors. 68 00:05:39,520 --> 00:05:40,400 Why I talked about. 69 00:05:40,780 --> 00:05:44,110 Now let's understand how exactly it's going to work as the hacker. 70 00:05:44,590 --> 00:05:52,070 Basically, first of all, the hacker needs to compromise, hacker to insert JavaScript code, you know, 71 00:05:52,270 --> 00:05:54,250 JavaScript code on a vulnerable site. 72 00:05:54,340 --> 00:05:56,380 So that's the first thing, if you remember. 73 00:05:56,800 --> 00:06:03,100 But with reflected XSS, the first part was the hacker needs to reach out to all individual users 74 00:06:03,520 --> 00:06:05,110 manually, manually. 75 00:06:05,110 --> 00:06:10,960 He needs to send all these e-mails or probably it can be automated, of course, but it needs to be targeted 76 00:06:10,960 --> 00:06:12,970 so that to get maximum conversion. 77 00:06:13,600 --> 00:06:19,900 So but in the stored XSS kind of attack, the hacker needs to compromise a vulnerable site. 
78 00:06:20,110 --> 00:06:28,240 And he always need to always need to have access to it so that he he can once he stores some JavaScript 79 00:06:28,240 --> 00:06:37,750 code or infects the site, again, whatever following visitors come in, they automatically get those 80 00:06:37,750 --> 00:06:41,010 JavaScript back to all those visitors, in fact. 81 00:06:41,710 --> 00:06:48,400 So let's say one visitor comes in, the visitor number one comes in, he will automatically get compromised. 82 00:06:49,030 --> 00:06:53,680 The second user comes to the same, to this vulnerable site. 83 00:06:53,980 --> 00:06:55,600 He will also get compromised. 84 00:06:55,600 --> 00:06:56,650 How exactly? 85 00:06:56,950 --> 00:07:04,780 Because the moment the new user comes to this vulnerable site or website page, he will see that JavaScript 86 00:07:04,780 --> 00:07:05,530 code into it. 87 00:07:06,220 --> 00:07:09,760 Your browser automatically downloads all the content of the page. 88 00:07:10,030 --> 00:07:15,390 He will also download the malicious JavaScript code inserted by the hacker. 89 00:07:15,760 --> 00:07:22,990 That's how and the script code will still be there, and that's where it is stored and persistent 90 00:07:22,990 --> 00:07:23,580 in nature. 91 00:07:23,920 --> 00:07:29,760 So that's how the first victim comes in and looks at the browser and he gets infected. 92 00:07:30,070 --> 00:07:33,700 Second also comes and he downloads the content of the same page. 93 00:07:34,000 --> 00:07:35,710 Downloads the JavaScript code as well. 94 00:07:35,950 --> 00:07:37,480 He will be impacted as well. 95 00:07:38,230 --> 00:07:41,530 Third user, exactly the same. Fourth user, 96 00:07:41,530 --> 00:07:42,490 exactly the same. 97 00:07:42,730 --> 00:07:47,860 And that's what makes this attack so, so impactful. 98 00:07:48,100 --> 00:07:48,300 Right. 99 00:07:48,400 --> 00:07:54,070 So if it is done once, it can impact millions after that. 100 00:07:54,070 --> 00:07:54,410 Right. 
101 00:07:54,730 --> 00:08:02,590 So that's why this attack is so impactful and we'll be learning about it in more detail when we'll perform 102 00:08:02,590 --> 00:08:04,060 the lab about it as well. 103 00:08:04,120 --> 00:08:04,520 All right. 104 00:08:04,520 --> 00:08:06,460 So we'll get you in the next session and then get.