1 00:00:09,200 --> 00:00:14,670 All right, last lecture, we talked about insecure deserialization, hopefully that makes a lot of
2 00:00:14,670 --> 00:00:19,260 sense to you guys, even if it doesn't sit completely well, hopefully you have a better idea of what
3 00:00:19,260 --> 00:00:24,420 it is and you can speak to it to some degree of competency in an interview or something similar.
4 00:00:24,750 --> 00:00:29,040 So now what we're doing is we're getting into, I think, one of the most well known bug classes.
5 00:00:29,310 --> 00:00:31,790 And this is using components with known vulnerabilities.
6 00:00:31,800 --> 00:00:32,060 Right.
7 00:00:32,370 --> 00:00:37,500 This is what you typically think of when you find an exploit on GitHub, right, on Twitter, and try to
8 00:00:37,500 --> 00:00:42,580 throw that exploit against the web app, you know, get a reverse shell, maybe exposing sensitive data.
9 00:00:42,600 --> 00:00:44,610 That's typically what we're talking about when we look at this.
10 00:00:44,610 --> 00:00:48,290 But it's very easy to find already written exploits.
11 00:00:48,510 --> 00:00:49,350 That's not a big deal.
12 00:00:49,560 --> 00:00:49,690 Right?
13 00:00:49,750 --> 00:00:50,820 You can find these quite easily.
14 00:00:51,240 --> 00:00:52,370 And this is very prevalent.
15 00:00:52,380 --> 00:00:52,710 It is.
16 00:00:52,710 --> 00:00:53,880 It's a ubiquitous problem.
17 00:00:54,630 --> 00:00:57,030 Some scanners, such as Retire.js, help with detection.
18 00:00:57,510 --> 00:00:59,230 And I'll show you that one in a little bit.
19 00:01:00,060 --> 00:01:05,910 And of course, some could have minor impacts, but others can have quite severe impact depending on
20 00:01:05,910 --> 00:01:07,080 the assets that you're protecting.
21 00:01:07,980 --> 00:01:09,780 And how do you make sure you're vulnerable?
22 00:01:09,810 --> 00:01:10,710 You've got to scan, right?
23 00:01:11,010 --> 00:01:14,280 It's one of the things you can do, and this is something I can show quite easily.
24 00:01:14,460 --> 00:01:19,430 So there are tools out there, for example, like Shodan and Censys, BinaryEdge.
25 00:01:20,160 --> 00:01:20,320 Right.
26 00:01:20,470 --> 00:01:26,190 These are all tools that will periodically or regularly scan the Internet and look for devices.
27 00:01:26,610 --> 00:01:29,370 So it's kind of like the Google for devices.
28 00:01:29,370 --> 00:01:30,660 You're not looking for web pages.
29 00:01:30,660 --> 00:01:34,200 You're looking for computers that are public facing: web servers, databases, things like that.
30 00:01:34,530 --> 00:01:36,380 Another good one is BinaryEdge.
31 00:01:38,340 --> 00:01:39,540 And some of these tools aren't free.
32 00:01:39,540 --> 00:01:39,900 Right?
33 00:01:39,930 --> 00:01:40,770 They're going to cost you money.
34 00:01:41,010 --> 00:01:42,300 But there's a lot of good data here.
35 00:01:43,500 --> 00:01:45,280 And this is a paid application, right?
36 00:01:45,300 --> 00:01:46,470 It's a premium application.
37 00:01:47,070 --> 00:01:48,030 You get what you pay for.
38 00:01:48,060 --> 00:01:52,500 So if you use a free application, you're going to get results that are related to free. Use a paid application
39 00:01:52,500 --> 00:01:52,850 like Burp,
40 00:01:52,860 --> 00:01:59,280 you'll get higher quality results. Here we can see that we have a vulnerable JavaScript dependency
41 00:01:59,310 --> 00:02:01,020 which might fall under these vulnerabilities.
42 00:02:02,400 --> 00:02:09,020 And if we go to Extender, we can look at a plugin I like called Retire, Retire.js.
43 00:02:09,300 --> 00:02:10,710 There it is, Retire.js.
44 00:02:10,710 --> 00:02:11,850 It's a Pro Burp extension.
45 00:02:12,300 --> 00:02:13,200 I can install it.
46 00:02:14,800 --> 00:02:21,370 And then when we go back to the target, we right click and we go to Scan, Crawl and audit, it's going
47 00:02:21,370 --> 00:02:22,690 to scan this here.
48 00:02:25,860 --> 00:02:32,790 And we can just keep the default resource pool and thread count, go to the dashboard, you're going
49 00:02:32,790 --> 00:02:35,630 to eventually start to see results pop up, like using Retire.js.
50 00:02:35,720 --> 00:02:38,460 Yes, it's going to show you vulnerable JavaScript libraries.
51 00:02:40,320 --> 00:02:41,220 You can see it's loaded.
52 00:02:42,940 --> 00:02:47,110 You notice it says unauthenticated crawl. When you're running the scan, you typically want to do
53 00:02:47,110 --> 00:02:51,430 a credentialed crawl because when it's credentialed, you have more access to more things, to more
54 00:02:51,430 --> 00:02:51,980 functionality.
55 00:02:51,980 --> 00:02:57,580 You get more coverage in the application because you're now in a position where you have more access.
56 00:02:58,000 --> 00:02:58,280 Right.
57 00:02:59,020 --> 00:03:04,510 So if you're doing a penetration test or red team, see if you can get permission to perform
58 00:03:04,510 --> 00:03:07,960 a credentialed audit and a credentialed crawl.
59 00:03:08,590 --> 00:03:12,120 I think this will be the most beneficial to the client that you're supporting.
60 00:03:12,610 --> 00:03:12,850 Right.
61 00:03:12,850 --> 00:03:14,080 So there's not really much to see here.
62 00:03:14,090 --> 00:03:17,080 I mean, just make sure that you guys, you know, you're patching your software, don't use outdated
63 00:03:17,080 --> 00:03:22,480 software, and you make sure that you have a patch management process in place.
64 00:03:23,170 --> 00:03:28,960 And, you know, you're conscious about all of the various attacks and threats that exist and are currently
65 00:03:28,960 --> 00:03:30,530 being exploited in the wild.
66 00:03:31,030 --> 00:03:34,750 And one thing you want to do when this thing is running, you can always look down here in the log and
67 00:03:34,750 --> 00:03:36,040 you can see the events that are happening.
68 00:03:37,180 --> 00:03:41,850 And then up here in issue activity, you can see the different issues that are found, so, you know,
69 00:03:41,850 --> 00:03:45,610 if there's one tool that you can add to your tools that I strongly suggest, you just purchase Burp,
70 00:03:46,060 --> 00:03:48,150 it's kind of like a standard tool for penetration testers.
71 00:03:48,170 --> 00:03:50,350 I mean, you can't really do your job well without it.
72 00:03:51,870 --> 00:03:55,380 So make sure you do that, and here we can actually see there was another issue that just popped up,
73 00:03:56,160 --> 00:03:58,200 I believe this came from Retire.js.
74 00:04:00,040 --> 00:04:03,490 But you can see that we have, again, a vulnerable version of jQuery.
75 00:04:04,730 --> 00:04:07,190 And this, that's come from Retire.js.
76 00:04:07,260 --> 00:04:12,170 Yes, we might be able to exploit this, and you have some links to some CVEs.
77 00:04:13,260 --> 00:04:17,900 So this is really good and just a really, really easy way to see if you have any vulnerabilities in
78 00:04:17,900 --> 00:04:18,280 your web site.
79 00:04:18,290 --> 00:04:20,480 But a scan could scan.
80 00:04:20,660 --> 00:04:21,100 All right, guys.
81 00:04:21,500 --> 00:04:29,860 So let's jump into the next lecture and we will dig into the whole notion of insufficient monitoring.
82 00:04:30,080 --> 00:04:30,440 All right.
83 00:04:30,830 --> 00:04:33,290 I'll see you guys in the next lecture at about.