1
00:00:00,270 --> 00:00:06,510
Welcome to Section eight. In this section, we're going to go over launching attacks. Now, this is going

2
00:00:06,510 --> 00:00:10,350
to be one of the longest sections in this entire course.

3
00:00:10,740 --> 00:00:16,830
We're going to cover a myriad of different ways to launch attacks, how attacks are actually launched

4
00:00:16,830 --> 00:00:23,040
by black hats, what we can do to overcome those attacks and really to be more on the offense, because

5
00:00:23,040 --> 00:00:25,380
this is where we've already gathered the data.

6
00:00:25,380 --> 00:00:28,740
We've already done the active and passive reconnaissance.

7
00:00:28,740 --> 00:00:36,150
We've been able to gather the intelligence so that we can actually execute and launch attacks based

8
00:00:36,150 --> 00:00:38,360
on the information that we've already accumulated.

9
00:00:38,370 --> 00:00:38,650
Right.

10
00:00:39,190 --> 00:00:47,130
And so what we're going to go over here in this section is the different methods, the different strategies,

11
00:00:47,130 --> 00:00:51,150
tools and everything that comes into play, into launching attacks.

12
00:00:51,510 --> 00:00:56,970
Like I mentioned, this is probably going to be one of the longest sections, but it's going to be completely

13
00:00:57,120 --> 00:00:58,020
value packed.

14
00:00:58,170 --> 00:00:59,820
And I'm excited for you to get started.

15
00:00:59,850 --> 00:01:02,790
So let's go ahead and go over the Section eight overview.

16
00:01:03,340 --> 00:01:07,980
So, like I mentioned, this is where you're going to learn how to launch attacks and compromise your

17
00:01:07,980 --> 00:01:09,660
targets when hacking.

18
00:01:10,050 --> 00:01:15,570
And what we're going to go over specifically are the phases of an attack and then analyzing gathered

19
00:01:15,570 --> 00:01:16,200
information.

20
00:01:16,200 --> 00:01:16,470
Right.

21
00:01:16,470 --> 00:01:21,930
Because after we collect the information, we want to make sure that we're able to analyze it appropriately.

22
00:01:22,110 --> 00:01:28,350
We're able to look at where the weak points were, the areas of opportunities for us to actually exploit,

23
00:01:28,860 --> 00:01:36,210
and then searching and understanding exploits and launching exploits and then creating custom malware,

24
00:01:36,330 --> 00:01:42,900
how we can actually create this and be able to use it to infect machines and then avoiding antivirus

25
00:01:42,900 --> 00:01:43,590
detection.

26
00:01:43,860 --> 00:01:45,780
This is extremely powerful here.

27
00:01:45,780 --> 00:01:54,450
When you can bypass like a McAfee or a Norton or any one of these very sophisticated virus protections.

28
00:01:54,450 --> 00:01:54,830
Right.

29
00:01:54,870 --> 00:02:00,660
This is very powerful for you to be able to go in and actually take advantage of a system.

30
00:02:00,660 --> 00:02:01,040
Right.

31
00:02:01,560 --> 00:02:03,680
And then we have brute force attacks.

32
00:02:03,690 --> 00:02:08,550
This is where you're essentially overloading a system, essentially throwing everything in the kitchen

33
00:02:08,550 --> 00:02:12,270
sink to be able to get access to the actual target.

34
00:02:12,450 --> 00:02:16,430
And then the ARP spoofing and the social engineering.

35
00:02:16,830 --> 00:02:23,100
So social engineering is going to be also a topic that we go quite in-depth in as well, as you can

36
00:02:23,100 --> 00:02:29,700
perhaps recall from the previous lectures and sections, social engineering is really the manipulation

37
00:02:30,030 --> 00:02:36,450
of individuals to gather intel information about them without them actually doing it willingly.

38
00:02:36,450 --> 00:02:36,720
Right.

39
00:02:36,720 --> 00:02:43,500
Because they are essentially giving you information, but they're doing it not knowing that you're looking

40
00:02:43,500 --> 00:02:46,100
to use that information in a negative manner.

41
00:02:46,110 --> 00:02:46,530
Right.

42
00:02:46,530 --> 00:02:47,620
Maliciously, right.

43
00:02:47,640 --> 00:02:51,420
So we're going to cover all these different topics here in depth.

44
00:02:51,510 --> 00:02:54,090
So let's go ahead and jump into this real quick here.

45
00:02:54,240 --> 00:02:56,040
Let's go into a quick disclaimer.

46
00:02:56,490 --> 00:03:02,130
Like I mentioned on any other section here, anything from this course that you learn here is purely

47
00:03:02,130 --> 00:03:08,190
for educational purposes and is meant to be used for ethical hacking only on this given permission to

48
00:03:08,190 --> 00:03:08,940
do so prior.

49
00:03:09,510 --> 00:03:12,570
So there are five phases that make up an attack.

50
00:03:12,570 --> 00:03:19,290
The first one is reconnaissance, the information gathering, the scanning, the actually looking at

51
00:03:19,290 --> 00:03:24,190
the network and looking at what is available for us to exploit and then gaining access.

52
00:03:24,390 --> 00:03:27,180
This is actually tied up the actual network.

53
00:03:27,180 --> 00:03:33,420
We are in there through whatever kind of loophole that we found and then maintaining access once we're

54
00:03:33,420 --> 00:03:40,170
there installing back doors or utilizing a myriad of different methods to maintain that access and then

55
00:03:40,350 --> 00:03:41,610
covering our tracks.

56
00:03:41,610 --> 00:03:41,840
Right.

57
00:03:41,860 --> 00:03:49,380
Making sure that we cover up any type of evidence or information that lets anybody else know that we've

58
00:03:49,380 --> 00:03:54,540
actually been there so that when they go look at their network, they are not able to find any tracks

59
00:03:54,750 --> 00:03:55,290
from us.

60
00:03:55,290 --> 00:03:55,550
Right.

61
00:03:55,720 --> 00:03:57,780
And so let's go into these one by one.

62
00:03:57,960 --> 00:03:58,860
So reconnaissance.

63
00:03:58,860 --> 00:03:59,160
Right.

64
00:03:59,160 --> 00:04:00,870
We have already gone through this.

65
00:04:00,870 --> 00:04:05,670
But I want to kind of give you a brief overview of what reconnaissance is here.

66
00:04:05,670 --> 00:04:07,740
So phase one reconnaissance, right?

67
00:04:07,750 --> 00:04:12,720
We talked about passive here where an attacker does not interact with the system directly.

68
00:04:13,080 --> 00:04:19,450
And then we have the active where the attacker is actually interacting with the system by using tools

69
00:04:19,450 --> 00:04:20,850
to detect open ports.

70
00:04:20,850 --> 00:04:27,120
Different availabilities that are there to be able to connect to. The passive is where somebody can be

71
00:04:27,300 --> 00:04:30,540
across the world and just not really connected to anything.

72
00:04:30,540 --> 00:04:35,460
And then active is actually where there's some sort of connection made to the network through some kind

73
00:04:35,460 --> 00:04:37,890
of port or whatever kind of loophole available.

74
00:04:38,160 --> 00:04:40,060
And then phase two, we have the scanning.

75
00:04:40,320 --> 00:04:46,890
So this is where we are using the information that we gathered and we're looking to find different vulnerabilities

76
00:04:46,890 --> 00:04:53,070
so an attacker can gather critical information on a network such as mapping the system, the router

77
00:04:53,070 --> 00:04:53,790
and the firewall.

78
00:04:53,800 --> 00:04:59,370
So, for example, when the attacker is looking at a particular system, they're looking to map it out.

79
00:04:59,400 --> 00:04:59,850
They want to look.

80
00:05:00,180 --> 00:05:05,880
OK, how does everything connect, does one particular department have their system or their network

81
00:05:05,880 --> 00:05:10,380
set up a certain way, let's say the marketing department, you know, how are they set up versus like

82
00:05:10,380 --> 00:05:13,530
the sales department versus the H.R. department?

83
00:05:13,530 --> 00:05:13,800
Right.

84
00:05:14,040 --> 00:05:19,400
And then how do they all connect to the main network of the entire system?

85
00:05:19,410 --> 00:05:19,680
Right.

86
00:05:20,250 --> 00:05:25,230
And so they're looking at how everything is set up, all the different firewalls, essentially looking

87
00:05:25,230 --> 00:05:28,140
at any roadblocks that may come into play.

88
00:05:28,290 --> 00:05:28,650
Right.

89
00:05:28,650 --> 00:05:31,170
With their actual attacks that they're planning.

90
00:05:31,440 --> 00:05:35,850
And then the port scanners, this is how they used to essentially scan the system.

91
00:05:35,850 --> 00:05:40,680
Look at the information, look at the actual machines, vulnerability scanners.

92
00:05:40,890 --> 00:05:42,750
These are the most commonly used tools.

93
00:05:43,080 --> 00:05:45,630
This is what we're going into, gaining access.

94
00:05:45,810 --> 00:05:52,320
This is where the most damage happens here, because once access is gained, they can do quite a bit

95
00:05:52,320 --> 00:05:54,450
of damage here to the actual network.

96
00:05:54,660 --> 00:06:00,090
They can do quite a bit of damage here to the network based on the different techniques that are actually

97
00:06:00,090 --> 00:06:01,340
presented in this program.

98
00:06:01,770 --> 00:06:06,860
So access can be gained locally, offline, over LAN, over the Internet.

99
00:06:06,870 --> 00:06:13,260
And then a hacker's chance of gaining access into a target system are influenced by factors such as

100
00:06:13,290 --> 00:06:19,350
architecture and configuration of that particular target system, how it's mapped out, how everything's

101
00:06:19,350 --> 00:06:23,430
connected, if one is connected to the other and what's proximity.

102
00:06:23,580 --> 00:06:23,790
Right.

103
00:06:23,850 --> 00:06:28,890
What's the, you know, area of coverage and then the skill level of the hacker, how advanced are they?

104
00:06:29,040 --> 00:06:30,770
What kind of skill level do they have?

105
00:06:30,780 --> 00:06:32,910
What kind of tools and techniques do they have?

106
00:06:32,910 --> 00:06:35,130
And then the initial level of access obtained.

107
00:06:35,140 --> 00:06:38,790
So now let's go into phase four, maintaining access.

108
00:06:38,970 --> 00:06:40,410
So maintaining access.

109
00:06:40,710 --> 00:06:43,140
This is where we want to remain undetected.

110
00:06:43,140 --> 00:06:43,440
Right.

111
00:06:43,650 --> 00:06:46,920
And we want to remove any evidence of the intrusion.

112
00:06:47,220 --> 00:06:54,060
And so what happens here is more often than not, a back door is installed or a Trojan is there to be

113
00:06:54,060 --> 00:07:00,900
able to allow them to get repeated access without leaving any kind of footprint and then also installing

114
00:07:00,900 --> 00:07:05,130
rootkits to gain full administrative access to the target system.

115
00:07:05,130 --> 00:07:12,480
Hackers can use Trojan horses to transfer usernames, passwords and any other information stored on

116
00:07:12,480 --> 00:07:13,080
the system.

117
00:07:13,260 --> 00:07:18,930
These are very, very powerful tools to be able to transfer that information and essentially to maintain

118
00:07:18,930 --> 00:07:20,190
access to the system.

119
00:07:20,190 --> 00:07:27,990
And then organizations can use intrusion detection systems or deploy traps known as honeypots and honeynets

120
00:07:28,110 --> 00:07:29,280
to detect intruders.

121
00:07:29,280 --> 00:07:36,300
So oftentimes organizations that have an actual cybersecurity strategy or plan already in place, they'll

122
00:07:36,300 --> 00:07:40,800
have these essentially as bait to trap those actual intruders.

123
00:07:40,800 --> 00:07:43,200
And then phase five here covering tracks.

124
00:07:43,350 --> 00:07:47,610
And a good hacker will always erase all evidence of their actions.

125
00:07:47,910 --> 00:07:54,390
And with the Trojans, such as ps or netcat, these tools are used often to erase the attacker's

126
00:07:54,390 --> 00:07:56,950
activity from the system's log files.

127
00:07:57,510 --> 00:07:59,260
So let's look at steganography.

128
00:07:59,850 --> 00:08:05,940
This is a process here of hiding data in other data, for instance, an image or sound files where

129
00:08:06,480 --> 00:08:11,010
there can be encrypted data or information in there, and then we have tunneling.

130
00:08:11,280 --> 00:08:17,910
This is where you can take advantage of the transmission protocol by carrying one protocol over another.

131
00:08:18,750 --> 00:08:22,490
So now let's look at what exactly is social engineering.

132
00:08:22,500 --> 00:08:27,360
I want to give you more of an in-depth understanding of what this is, what this is about.

133
00:08:27,360 --> 00:08:30,720
Anthony's going to go quite in-depth into this section as well.

134
00:08:30,900 --> 00:08:34,440
I want to give you a bird's eye overview of what this entails here.

135
00:08:34,910 --> 00:08:41,160
So social engineering is the art of manipulating users into revealing confidential information that

136
00:08:41,160 --> 00:08:45,270
can be used to gain unauthorized access to information.

137
00:08:46,010 --> 00:08:49,480
So let's look at some of the common social engineering attacks.

138
00:08:50,070 --> 00:08:51,900
So let's look at phishing attacks.

139
00:08:51,900 --> 00:08:57,120
And these are the most common types of attacks that are leveraging social engineering techniques.

140
00:08:57,120 --> 00:09:04,410
So this is where attackers are using emails, social media and instant messaging, and also SMS through

141
00:09:04,830 --> 00:09:11,130
text message to trick victims into providing sensitive information or visiting malicious URLs,

142
00:09:11,130 --> 00:09:13,830
websites to attempt to compromise their systems.

143
00:09:14,400 --> 00:09:21,660
And then watering hole attacks consist of injecting malicious code into the public web pages of a site

144
00:09:21,690 --> 00:09:23,370
that the target used to visit.

145
00:09:23,730 --> 00:09:27,150
So just think about like a simple Web site such as like Yahoo

146
00:09:27,150 --> 00:09:29,400
dot com, where it gets a ton of traffic.

147
00:09:29,410 --> 00:09:34,920
They could put in some type of malicious code in there where that anybody that visits that website can

148
00:09:34,920 --> 00:09:37,020
get automatically infected.

149
00:09:37,020 --> 00:09:37,300
Right.

150
00:09:37,320 --> 00:09:40,350
So that's how they're able to use a water hole attack.

151
00:09:40,350 --> 00:09:42,000
And then we have pretexting.

152
00:09:42,150 --> 00:09:48,480
This is where this is where the hacker's presenting themselves as someone else in order to obtain private

153
00:09:48,480 --> 00:09:49,160
information.

154
00:09:49,590 --> 00:09:55,530
And usually this is where an attacker creates like a fake identity or a persona to use it to manipulate

155
00:09:55,530 --> 00:09:56,870
the receipt of information.

156
00:09:56,940 --> 00:09:59,790
And so this is a quick overview of social engineering and.

157
00:09:59,910 --> 00:10:06,030
The launch an attack section, we're going to go a lot more in depth and not only on the theoretical

158
00:10:06,030 --> 00:10:08,070
side, but also on the practical side.

159
00:10:08,160 --> 00:10:11,950
We're going to go over a bunch of different ways to launch attacks.

160
00:10:11,970 --> 00:10:14,880
Anthony is going to go into those in a lot more detail.

161
00:10:15,000 --> 00:10:18,510
I'm excited for you to get started on the section and we'll see you on the next one.