1 00:00:03,010 --> 00:00:09,760 Class, I hope you enjoyed this section on command and control of a Windows 10 computer from Kali 2 00:00:10,090 --> 00:00:14,620 using a piece of malware you created in the previous section on the attack phase. 3 00:00:14,920 --> 00:00:22,390 I also hope that this has been a little bit scary for you to see how easy it is for an attacker to command 4 00:00:22,390 --> 00:00:29,410 and control, to look at screenshots, keystrokes, spy through your webcam, upload, download and 5 00:00:29,410 --> 00:00:34,480 view files, or even steal passwords from users on a Windows computer. 6 00:00:34,870 --> 00:00:40,270 If you click through and download the wrong file, whether that's an executable file like the one we 7 00:00:40,270 --> 00:00:44,570 created here, or whether that is a movie that you think you're getting for free, 8 00:00:44,590 --> 00:00:46,690 the latest movie from the box office, 9 00:00:47,020 --> 00:00:48,040 and you didn't pay for it, 10 00:00:48,130 --> 00:00:53,770 it could have a surprise package along with that file that takes advantage of a vulnerability either in 11 00:00:53,770 --> 00:00:59,590 Windows, in your Web browser or in a video player or other application. 12 00:01:00,640 --> 00:01:07,930 You could get a virus through a Word document, through a PDF file, through a simple Web page. 13 00:01:08,260 --> 00:01:12,940 So being careful is one of the most important things to take out of this. 14 00:01:13,330 --> 00:01:17,770 Well, it's really easy for an attacker to do a lot of damage and get access to a lot of information. 15 00:01:17,770 --> 00:01:23,500 But the good news is it's also pretty easy to keep an attack like this from working. 16 00:01:24,370 --> 00:01:29,800 There are just about three things that we need to remember to be able to keep attacks like this at bay. 17 00:01:29,830 --> 00:01:31,150 And you don't have to. 
18 00:01:32,350 --> 00:01:35,980 You don't have to be the most secure person with the best passwords on the planet. 19 00:01:36,370 --> 00:01:42,160 You just have to keep yourself from being low-hanging fruit, from being an easy target for attackers. 20 00:01:43,120 --> 00:01:48,190 There are just a few things that you need to do to make this kind of attack much harder for somebody 21 00:01:48,190 --> 00:01:49,350 to pull off on you. 22 00:01:50,640 --> 00:01:53,520 First of all, don't download. 23 00:01:53,610 --> 00:01:55,620 Don't click and don't run. 24 00:01:56,010 --> 00:01:58,800 Suspicious files that you download over the Internet. 25 00:01:59,280 --> 00:02:06,150 So we just found this file: Fortnite all skins, or important document dot PDF, or funny cat video, 26 00:02:06,150 --> 00:02:12,990 whatever would make you or one of your clients click through if you're doing a security 27 00:02:12,990 --> 00:02:13,560 assessment. 28 00:02:14,670 --> 00:02:21,090 But as soon as we downloaded that and ran it, it gave complete command and control over a Windows computer, 29 00:02:21,090 --> 00:02:26,970 all the way down to our files, our keystrokes, our webcam, our passwords, to a remote user over the 30 00:02:26,970 --> 00:02:27,420 Internet. 31 00:02:27,750 --> 00:02:32,010 Now, these are two computers that are sitting on the same physical machine. 32 00:02:32,340 --> 00:02:34,890 But this could be on the other side of the planet. 33 00:02:35,220 --> 00:02:42,180 I could be in North Carolina or Russia or New Zealand, any place on the planet, and run an attack 34 00:02:42,180 --> 00:02:46,770 like this against a customer who's asked me to do some penetration testing for them. 35 00:02:47,370 --> 00:02:49,200 So this is really important. 
36 00:02:49,500 --> 00:02:56,910 It's also a great way to show family members, just in your local safe ethical hacking lab, why they should 37 00:02:56,910 --> 00:03:02,880 be careful about clicking through those links or filling out a survey or watching videos that they may 38 00:03:02,880 --> 00:03:04,410 be downloading illegally online. 39 00:03:04,860 --> 00:03:10,560 This is a really good way to help people see how serious it is and how much control they could be giving 40 00:03:10,860 --> 00:03:16,470 to an attacker over the Internet just by using that free thing that shouldn't be free or surfing to 41 00:03:16,470 --> 00:03:18,720 that Web page that they probably shouldn't surf to. 42 00:03:19,440 --> 00:03:25,380 So just being careful where you click, not downloading and running things, or running them through VirusTotal 43 00:03:25,380 --> 00:03:27,090 or another program. 44 00:03:27,120 --> 00:03:31,290 So if I take this file that I've just downloaded and go to VirusTotal. 45 00:03:32,890 --> 00:03:35,830 I can upload this file into VirusTotal. 46 00:03:37,380 --> 00:03:40,810 And I will choose the downloaded version so that it doesn't delete it. 47 00:03:42,780 --> 00:03:44,360 And I'll confirm the upload. 48 00:03:45,730 --> 00:03:50,470 In just a few seconds, you're going to be able to see whether this is probably a safe file for you to 49 00:03:50,470 --> 00:03:55,150 open and use or if this file is crawling with infections. 50 00:03:56,510 --> 00:04:02,190 And we can see really quickly that this file is definitely a Trojan. 51 00:04:02,210 --> 00:04:09,220 A remote access Trojan, a file that gives complete command and control over a Windows computer to a 52 00:04:09,230 --> 00:04:10,100 Kali machine. 53 00:04:10,430 --> 00:04:13,230 So VirusTotal is lighting up like a Christmas tree. 54 00:04:13,250 --> 00:04:15,660 Here we've got red everywhere. 55 00:04:15,710 --> 00:04:19,250 Dozens of different antivirus programs see this as a malicious file. 
56 00:04:19,580 --> 00:04:25,190 And I should also note that a handful of these do not yet detect this, but give it a little bit of 57 00:04:25,190 --> 00:04:30,560 time to run through all of the different antivirus programs and you'll see that it's pretty clear that 58 00:04:30,560 --> 00:04:32,690 this is a dangerous file. 59 00:04:33,050 --> 00:04:37,640 So just doing a quick sanity check, if you're downloading something that you might be suspicious about, 60 00:04:37,940 --> 00:04:43,550 uploading it to VirusTotal could be one way to check it out, or running a scan with your antivirus program. 61 00:04:44,270 --> 00:04:47,540 That brings us to the second tip that you can use to keep yourself safe. 62 00:04:47,960 --> 00:04:50,360 Use an antivirus and firewall. 63 00:04:50,720 --> 00:04:55,340 That means make sure that they're running and then make sure that they're up to date. 64 00:04:55,400 --> 00:04:57,530 So update your virus protection. 65 00:04:57,830 --> 00:05:01,250 In fact, we're going to turn our virus and threat protection settings back on. 66 00:05:04,300 --> 00:05:05,370 So we go to open. 67 00:05:06,480 --> 00:05:11,040 And go to the virus and threat protection settings, and we're gonna turn them back on. 68 00:05:11,070 --> 00:05:11,760 Yes. 69 00:05:12,060 --> 00:05:15,990 We're also going to change back over to our Windows firewall and we're going to say: 70 00:05:18,790 --> 00:05:23,290 netsh advfirewall set allprofiles state on. 71 00:05:24,430 --> 00:05:28,180 And now our Windows firewall is back up and active. 72 00:05:28,570 --> 00:05:32,200 And in fact, that Meterpreter session that we have over here, if I do an ls. 73 00:05:33,370 --> 00:05:34,050 Look at that. 74 00:05:35,390 --> 00:05:39,250 Nope, I still have access because I got him before they turned it on. That's a really important thing 75 00:05:39,250 --> 00:05:39,790 to remember. 
76 00:05:40,270 --> 00:05:46,130 But in just a few moments, this connection will likely die because of the Windows firewall. 77 00:05:46,450 --> 00:05:49,480 And because of Windows Defender. 78 00:05:49,750 --> 00:05:51,450 But this is really important to notice. 79 00:05:51,550 --> 00:05:56,350 Notice that I downloaded and ran this file and gained Meterpreter access. 80 00:05:56,380 --> 00:06:03,370 Then when I turned on the antivirus and turned on the Windows firewall, I still have access to look 81 00:06:03,370 --> 00:06:05,890 at files inside that remote computer. 82 00:06:06,250 --> 00:06:10,030 So that's a really important thing to keep in mind, is that once you get infected, you're gonna have 83 00:06:10,030 --> 00:06:15,100 to turn this computer off, take it off the network, run a full virus scan and then find this virus. 84 00:06:15,280 --> 00:06:16,600 Delete it and take care of it. 85 00:06:16,960 --> 00:06:20,590 But running a good firewall and antivirus is a great second step. 86 00:06:20,860 --> 00:06:23,740 After being careful what you download and click in the first place. 87 00:06:25,750 --> 00:06:31,480 And then finally, one of the most important things you can do is keep your system up to date. 88 00:06:31,810 --> 00:06:33,780 So run your Windows updates. 89 00:06:36,670 --> 00:06:38,240 Check for updates often. 90 00:06:38,290 --> 00:06:41,320 You should do this at least once a month, or once a week. 91 00:06:41,350 --> 00:06:46,090 If you do a lot of Web surfing or if you download a lot of files over the Internet, it's a good idea 92 00:06:46,090 --> 00:06:46,360 to 93 00:06:46,390 --> 00:06:47,080 do 94 00:06:47,080 --> 00:06:55,390 a weekly check for your Windows operating system, your Microsoft Office, Java, or any programming 95 00:06:55,390 --> 00:06:57,370 applications that you might have on your computer. 96 00:06:57,940 --> 00:07:04,510 Definitely any Web browser updates, if you don't do this at least once a week. 
97 00:07:04,870 --> 00:07:07,030 Sorry, if you don't do this at least once a month. 98 00:07:07,390 --> 00:07:09,640 That's a really good thing for you to start doing. 99 00:07:10,000 --> 00:07:15,610 If you do a lot of credit card transactions over your computer, if you do a lot of online banking, 100 00:07:15,610 --> 00:07:17,500 it's not a bad idea to do this once a week. 101 00:07:17,900 --> 00:07:25,630 So every Friday before you log off, go do a check for updates, check your Web browser for updates, 102 00:07:25,990 --> 00:07:30,250 check your Microsoft Office for updates. 103 00:07:30,640 --> 00:07:32,630 It's a really good practice to get in the habit of. 104 00:07:32,650 --> 00:07:38,200 So just by doing those three things, not opening suspicious files, making sure your antivirus 105 00:07:38,290 --> 00:07:43,870 and firewall protection are turned on, and updating your operating system and applications often, you can 106 00:07:43,930 --> 00:07:50,350 keep yourself safe from as much as 85 percent of the drive-by attacks like the ones we've seen here on the 107 00:07:50,350 --> 00:07:50,770 Internet. 108 00:07:51,160 --> 00:07:54,760 So you don't have to be the most secure, the most careful person on the planet. 109 00:07:54,770 --> 00:08:01,240 Just doing those three things can keep you from becoming an easy target or low-hanging fruit for an 110 00:08:01,240 --> 00:08:02,830 attacker out on the Internet. 111 00:08:03,310 --> 00:08:07,810 So I hope this has been a really great couple of sections for you on the attack phase and the command 112 00:08:07,810 --> 00:08:13,300 and control phase of hacking into a Windows 10 computer, seeing how much an attacker can do when 113 00:08:13,300 --> 00:08:14,770 they're on your system remotely. 
114 00:08:15,070 --> 00:08:20,440 If you click through and download the wrong file. And then how easy it is to keep yourself from being 115 00:08:20,440 --> 00:08:25,660 a target just by being careful what you do online, making sure you've got good protection, and then 116 00:08:25,780 --> 00:08:27,130 checking for updates often. 117 00:08:27,640 --> 00:08:29,070 I hope this has been a great lesson for you. 118 00:08:29,080 --> 00:08:30,760 We will see you in the next section.