1
00:00:00,270 --> 00:00:06,510
Welcome to Section eight and this section, we're going to go over launching attacks now, this is going

2
00:00:06,510 --> 00:00:10,350
to be one of the longest sections in this entire course.

3
00:00:10,740 --> 00:00:16,830
We're going to cover a myriad of different ways to launch attacks, how attacks are actually launched

4
00:00:16,830 --> 00:00:23,040
by black hats, what we can do to overcome those attacks and really to be more on the offense, because

5
00:00:23,040 --> 00:00:25,380
this is where we've already gathered the data.

6
00:00:25,380 --> 00:00:28,740
We've already done the active and passive reconnaissance.

7
00:00:28,740 --> 00:00:36,150
We've been able to gather the intelligence so that we can actually execute and launch attacks based

8
00:00:36,150 --> 00:00:38,360
on the information that we've already accumulated.

9
00:00:38,370 --> 00:00:38,650
Right.

10
00:00:39,190 --> 00:00:47,130
And so what we're going to go over here in this section is the different methods, the different strategies,

11
00:00:47,130 --> 00:00:51,150
tools and everything that comes into play, into launching attacks.

12
00:00:51,510 --> 00:00:56,970
Like I mentioned, this is probably going to be one of the longest sections, but it's going to be completely

13
00:00:57,120 --> 00:00:58,020
value packed.

14
00:00:58,170 --> 00:00:59,820
And I'm excited for you to get started.

15
00:00:59,850 --> 00:01:02,790
So let's go ahead and go over the Section eight overview.

16
00:01:03,340 --> 00:01:07,980
So, like I mentioned, this is where you're going to learn how to launch attacks and compromise your

17
00:01:07,980 --> 00:01:09,660
targets when hacking.

18
00:01:10,050 --> 00:01:15,570
And what we're going to go over specifically are the phases of an attack and then analyzing gathered

19
00:01:15,570 --> 00:01:16,200
information.

20
00:01:16,200 --> 00:01:16,470
Right.

21
00:01:16,470 --> 00:01:21,930
Because after we collect the information, we want to make sure that we're able to analyze it appropriately.

22
00:01:22,110 --> 00:01:28,350
We're able to look at where the weak points were, the areas of opportunities for us to actually exploit,

23
00:01:28,860 --> 00:01:36,210
and then searching and understanding, exploit and launching exploits and then creating custom malware,

24
00:01:36,330 --> 00:01:42,900
how we can actually create this and be able to use it to infect machines and then avoiding antivirus

25
00:01:42,900 --> 00:01:43,590
detection.

26
00:01:43,860 --> 00:01:45,780
This is extremely powerful here.

27
00:01:45,780 --> 00:01:54,450
When you can bypass like a McAfee or a Norten or any one of these very sophisticated virus protections.

28
00:01:54,450 --> 00:01:54,830
Right.

29
00:01:54,870 --> 00:02:00,660
This is very powerful for you to be able to go in and actually take advantage of a system.

30
00:02:00,660 --> 00:02:01,040
Right.

31
00:02:01,560 --> 00:02:03,680
And then we have brute force attacks.

32
00:02:03,690 --> 00:02:08,550
This is where you're essentially overloading a system, essentially throwing everything in the kitchen

33
00:02:08,550 --> 00:02:12,270
sink to be able to get access to the actual target.

34
00:02:12,450 --> 00:02:16,430
And then the AARP spoofing and the social engineering.

35
00:02:16,830 --> 00:02:23,100
So social engineering is going to be also a topic that we go quite in-depth in as well, as you can

36
00:02:23,100 --> 00:02:29,700
perhaps recall from the previous lectures in sections, social engineering is really the manipulation

37
00:02:30,030 --> 00:02:36,450
of individuals to gather intel information about them without them actually doing it willingly.

38
00:02:36,450 --> 00:02:36,720
Right.

39
00:02:36,720 --> 00:02:43,500
Because they are essentially giving you information, but they're doing it not knowing that you're looking

40
00:02:43,500 --> 00:02:46,100
to use that information in a negative manner.

41
00:02:46,110 --> 00:02:46,530
Right.

42
00:02:46,530 --> 00:02:47,620
Maliciously, right.

43
00:02:47,640 --> 00:02:51,420
So we're going to cover all these different topics here in depth.

44
00:02:51,510 --> 00:02:54,090
So let's go ahead and jump into this real quick here.

45
00:02:54,240 --> 00:02:56,040
Let's go into a quick disclaimer.

46
00:02:56,490 --> 00:03:02,130
Like I mentioned on any other section here, anything from this course that you learn here is purely

47
00:03:02,130 --> 00:03:08,190
for educational purposes and is meant to be used for ethical hacking only on this given permission to

48
00:03:08,190 --> 00:03:08,940
do so prior.

49
00:03:09,510 --> 00:03:12,570
So there are five phases that make up an attack.

50
00:03:12,570 --> 00:03:19,290
The first one is reconnaissance, the information gathering, the scanning, the actually looking at

51
00:03:19,290 --> 00:03:24,190
the network and looking at what is available for us to exploit and then gaining access.

52
00:03:24,390 --> 00:03:27,180
This is actually tied up the actual network.

53
00:03:27,180 --> 00:03:33,420
We are in there through whatever kind of loophole that we found and then maintaining access once we're

54
00:03:33,420 --> 00:03:40,170
there installing back doors or utilizing a myriad of different methods to maintain that access and then

55
00:03:40,350 --> 00:03:41,610
covering our tracks.

56
00:03:41,610 --> 00:03:41,840
Right.

57
00:03:41,860 --> 00:03:49,380
Making sure that we cover up any type of evidence or information that lets anybody else know that we've

58
00:03:49,380 --> 00:03:54,540
actually been there so that when they go look at their network, they are not able to find any tracks

59
00:03:54,750 --> 00:03:55,290
from us.

60
00:03:55,290 --> 00:03:55,550
Right.

61
00:03:55,720 --> 00:03:57,780
And so let's go into these one by one.

62
00:03:57,960 --> 00:03:58,860
So reconnaissance.

63
00:03:58,860 --> 00:03:59,160
Right.

64
00:03:59,160 --> 00:04:00,870
We have already gone through this.

65
00:04:00,870 --> 00:04:05,670
But I want to kind of give you a brief overview of what reconnaissance is here.

66
00:04:05,670 --> 00:04:07,740
So phase one reconnaissance, right?

67
00:04:07,750 --> 00:04:12,720
We talked about passive here where an attacker does not interact with the system directly.

68
00:04:13,080 --> 00:04:19,450
And then we have the active where the attacker is actually interacting with the system by using tools

69
00:04:19,450 --> 00:04:20,850
to detect open ports.

70
00:04:20,850 --> 00:04:27,120
Different availabilities that are there to be able to connect to the passive is where somebody can be

71
00:04:27,300 --> 00:04:30,540
across the world and just not really connected to anything.

72
00:04:30,540 --> 00:04:35,460
And then active is actually where there's some sort of connection made to the network through some kind

73
00:04:35,460 --> 00:04:37,890
of port or whatever kind of loophole available.

74
00:04:38,160 --> 00:04:40,060
And then phase two, we have the scanning.

75
00:04:40,320 --> 00:04:46,890
So this is where we are using the information that we gathered and we're looking to find different vulnerabilities

76
00:04:46,890 --> 00:04:53,070
so an attacker can gather critical information on a network such as mapping the system, the router

77
00:04:53,070 --> 00:04:53,790
and the firewall.

78
00:04:53,800 --> 00:04:59,370
So, for example, when the attacker is looking at a particular system, they're looking to map it out.

79
00:04:59,400 --> 00:04:59,850
They want to look.

80
00:05:00,180 --> 00:05:05,880
OK, how does everything connect, does one particular department have their system or their network

81
00:05:05,880 --> 00:05:10,380
set up a certain way, let's say the marketing department, you know, how are they set up versus like

82
00:05:10,380 --> 00:05:13,530
the sales department versus the H.R. department?

83
00:05:13,530 --> 00:05:13,800
Right.

84
00:05:14,040 --> 00:05:19,400
And then how do they all connect to the main network of the entire system?

85
00:05:19,410 --> 00:05:19,680
Right.

86
00:05:20,250 --> 00:05:25,230
And so they're looking at how everything is set up, all the different firewalls, essentially looking

87
00:05:25,230 --> 00:05:28,140
at any roadblocks that may come into play.

88
00:05:28,290 --> 00:05:28,650
Right.

89
00:05:28,650 --> 00:05:31,170
With their actual attacks that they're planning.

90
00:05:31,440 --> 00:05:35,850
And then the port scanners, this is how they used to essentially scan the system.

91
00:05:35,850 --> 00:05:40,680
Look at the information, look at the actual machines, vulnerability scanners.

92
00:05:40,890 --> 00:05:42,750
These are the most commonly used tools.

93
00:05:43,080 --> 00:05:45,630
This is what we're going into, gaining access.

94
00:05:45,810 --> 00:05:52,320
This is where the most damage happens here, because once access is gained, they can do quite a bit

95
00:05:52,320 --> 00:05:54,450
of damage here to the actual network.

96
00:05:54,660 --> 00:06:00,090
They can do quite a bit of damage here to the network based on the different techniques that are actually

97
00:06:00,090 --> 00:06:01,340
presented in this program.

98
00:06:01,770 --> 00:06:06,860
So access can be gained locally, offline, over land, over the Internet.

99
00:06:06,870 --> 00:06:13,260
And then a hacker's chance of gaining access into a target system are influenced by factors such as

100
00:06:13,290 --> 00:06:19,350
architecture and configuration of that particular target system, how it's mapped out, how everything's

101
00:06:19,350 --> 00:06:23,430
connected, if one is connected to the other and what's proximity.

102
00:06:23,580 --> 00:06:23,790
Right.

103
00:06:23,850 --> 00:06:28,890
What's the, you know, area of coverage and then the skill level of the hacker, how advanced are they?

104
00:06:29,040 --> 00:06:30,770
What kind of skill level do they have?

105
00:06:30,780 --> 00:06:32,910
What kind of tools and techniques do they have?

106
00:06:32,910 --> 00:06:35,130
And then the initial level of access obtained.

107
00:06:35,140 --> 00:06:38,790
So now let's go into phase four, maintaining access.

108
00:06:38,970 --> 00:06:40,410
So maintaining access.

109
00:06:40,710 --> 00:06:43,140
This is where we want to remain undetected.

110
00:06:43,140 --> 00:06:43,440
Right.

111
00:06:43,650 --> 00:06:46,920
And we want to remove any evidence of the intrusion.

112
00:06:47,220 --> 00:06:54,060
And so what happens here is more often than not, a back door is installed or a Trojan is there to be

113
00:06:54,060 --> 00:07:00,900
able to allow them to get repeated access without leaving any kind of footprint and then also installing

114
00:07:00,900 --> 00:07:05,130
rude kids to gain full administrative access to the target system.

115
00:07:05,130 --> 00:07:12,480
Hackers can use Trojan horses to transfer usernames, passwords and any other information stored on

116
00:07:12,480 --> 00:07:13,080
the system.

117
00:07:13,260 --> 00:07:18,930
These are very, very powerful tools to be able to transfer that information and essentially to maintain

118
00:07:18,930 --> 00:07:20,190
access to the system.

119
00:07:20,190 --> 00:07:27,990
And then organizations can use intrusion detection systems or deploy traps known as honeypots and honeynet

120
00:07:28,110 --> 00:07:29,280
to detect intruders.

121
00:07:29,280 --> 00:07:36,300
So oftentimes organizations that have an actual cybersecurity strategy or plan already in place, they'll

122
00:07:36,300 --> 00:07:40,800
have these essentially as bait to trap those actual intruders.

123
00:07:40,800 --> 00:07:43,200
And then phase five here covering tracks.

124
00:07:43,350 --> 00:07:47,610
And a good hacker will always erase all evidence of their actions.

125
00:07:47,910 --> 00:07:54,390
And with the Trojans, such as a piece or net cat, these tools are used often to erase the attackers

126
00:07:54,390 --> 00:07:56,950
activity from the systems log files.

127
00:07:57,510 --> 00:07:59,260
So let's look at steganography.

128
00:07:59,850 --> 00:08:05,940
This is a process here of hiding data and other data, for instance, an image or sound files where

129
00:08:06,480 --> 00:08:11,010
there can be encrypted data or information in there, and then we have tunneling.

130
00:08:11,280 --> 00:08:17,910
This is where you can take advantage of the transmission protocol by carrying in one protocol over another.

131
00:08:18,750 --> 00:08:22,490
So now let's look at what exactly is social engineering.

132
00:08:22,500 --> 00:08:27,360
I want to give you more of an in-depth understanding of what this is, what this is about.

133
00:08:27,360 --> 00:08:30,720
Anthony's going to go quite in-depth into this section as well.

134
00:08:30,900 --> 00:08:34,440
I want to give you a bird's eye overview of what this entails here.

135
00:08:34,910 --> 00:08:41,160
So social engineering is the art of manipulating users into revealing confidential information that

136
00:08:41,160 --> 00:08:45,270
can be used to gain unauthorized access to information.

137
00:08:46,010 --> 00:08:49,480
So let's look at some of the common social engineering attacks.

138
00:08:50,070 --> 00:08:51,900
So let's look at phishing attacks.

139
00:08:51,900 --> 00:08:57,120
And these are the most common types of attacks that are leveraging social engineering techniques.

140
00:08:57,120 --> 00:09:04,410
So this is where attackers are using emails, social media and instant messaging, and also SMS through

141
00:09:04,830 --> 00:09:11,130
text message to trick victims into providing sensitive information or visiting malicious you or else

142
00:09:11,130 --> 00:09:13,830
websites to attempt to compromise their systems.

143
00:09:14,400 --> 00:09:21,660
And then water holding attacks consist of injecting malicious code into the public web pages of a site

144
00:09:21,690 --> 00:09:23,370
that the target used to visit.

145
00:09:23,730 --> 00:09:27,150
So just think about like a simple Web site such as like Yahoo!

146
00:09:27,150 --> 00:09:29,400
Dot com, where it gets a ton of traffic.

147
00:09:29,410 --> 00:09:34,920
They could put in some type of malicious code in there where that anybody that visits that website can

148
00:09:34,920 --> 00:09:37,020
get automatically infected.

149
00:09:37,020 --> 00:09:37,300
Right.

150
00:09:37,320 --> 00:09:40,350
So that's how they're able to use a water hole attack.

151
00:09:40,350 --> 00:09:42,000
And then we have pretexting.

152
00:09:42,150 --> 00:09:48,480
This is where this is where the hackers presenting themselves as someone else in order to obtain private

153
00:09:48,480 --> 00:09:49,160
information.

154
00:09:49,590 --> 00:09:55,530
And usually this is where an attacker creates like a fake identity or a persona to use it to manipulate

155
00:09:55,530 --> 00:09:56,870
the RECEPT of information.

156
00:09:56,940 --> 00:09:59,790
And so this is a quick overview of social engineering and.

157
00:09:59,910 --> 00:10:06,030
The launch, an attack section, we're going to go a lot more in depth and not only on the theoretical

158
00:10:06,030 --> 00:10:08,070
side, but also on the practical side.

159
00:10:08,160 --> 00:10:11,950
We're going to go over a bunch of different ways to launch attacks.

160
00:10:11,970 --> 00:10:14,880
Anthony is going to go into those and a lot more detail.

161
00:10:15,000 --> 00:10:18,510
I'm excited for you to get started on the section and we'll see you on the next one.