1
00:00:03,010 --> 00:00:09,760
Class, I hope you enjoyed this section on command and control of a windows in computer from Caleigh

2
00:00:10,090 --> 00:00:14,620
using a piece of malware you created in the previous section on the attack phase.

3
00:00:14,920 --> 00:00:22,390
I also hope that this has been a little bit scary for you to see how easy it is for an attacker to command

4
00:00:22,390 --> 00:00:29,410
and control, to look at screen shots, keystrokes, spy through your webcam, upload, download and

5
00:00:29,410 --> 00:00:34,480
view files, or even steal passwords from users on a Windows computer.

6
00:00:34,870 --> 00:00:40,270
If you click through and download the wrong file, whether that's an executable file like the one we

7
00:00:40,270 --> 00:00:44,570
created here, whether that is a movie that you think you're getting for free.

8
00:00:44,590 --> 00:00:46,690
The latest movie from the box office.

9
00:00:47,020 --> 00:00:48,040
And you didn't pay for it.

10
00:00:48,130 --> 00:00:53,770
It could have a surprise package along with that file that takes advantage of vulnerability either in

11
00:00:53,770 --> 00:00:59,590
Windows, in your Web browser or in a video player or other application.

12
00:01:00,640 --> 00:01:07,930
It could you could get a virus through a word document, through a PDA file, through a simple Web page.

13
00:01:08,260 --> 00:01:12,940
So being careful is one of the most important things to take out of this.

14
00:01:13,330 --> 00:01:17,770
Well, it's really easy for an attacker to do a lot of damage and get access to a lot of information.

15
00:01:17,770 --> 00:01:23,500
But the good news is it's also pretty easy to keep an attack like this from working.

16
00:01:24,370 --> 00:01:29,800
There are just about three things that we need to remember to be able to keep attacks like this at bay.

17
00:01:29,830 --> 00:01:31,150
And you don't have to.

18
00:01:32,350 --> 00:01:35,980
You don't have to be the most secure person with the best passwords on the planet.

19
00:01:36,370 --> 00:01:42,160
You just have to keep yourself from being low hanging fruit, from being an easy target for attackers.

20
00:01:43,120 --> 00:01:48,190
There are just a few things that you need to do to make this kind of attack much harder for somebody

21
00:01:48,190 --> 00:01:49,350
to pull off on you.

22
00:01:50,640 --> 00:01:53,520
First of all, don't download.

23
00:01:53,610 --> 00:01:55,620
Don't click and don't run.

24
00:01:56,010 --> 00:01:58,800
Suspicious files that you download over the Internet.

25
00:01:59,280 --> 00:02:06,150
So we just found this file fortnight, all skins or important document, not PDAF or funny cat video,

26
00:02:06,150 --> 00:02:12,990
whatever would make you or one of your one of your clients click through if you're doing a security

27
00:02:12,990 --> 00:02:13,560
assessment.

28
00:02:14,670 --> 00:02:21,090
But as soon as we downloaded that and ran it, it gave complete command and control over a Windows computer

29
00:02:21,090 --> 00:02:26,970
all the way down to our files, our keystrokes, our webcam, our passwords to a remote user over the

30
00:02:26,970 --> 00:02:27,420
Internet.

31
00:02:27,750 --> 00:02:32,010
Now, these are two computers that are sitting on the same physical machine.

32
00:02:32,340 --> 00:02:34,890
But this could be on the other side of the planet.

33
00:02:35,220 --> 00:02:42,180
I could be in North Carolina or Russia or New Zealand, any place on the planet, and run into an attack

34
00:02:42,180 --> 00:02:46,770
like this against a customer who's asked me to do some penetration testing for them.

35
00:02:47,370 --> 00:02:49,200
So this is really important.

36
00:02:49,500 --> 00:02:56,910
It's also a great way to show family members just in your local safe ethical hacking lab why they should

37
00:02:56,910 --> 00:03:02,880
be careful about clicking through those links or filling out a survey or watching videos that they may

38
00:03:02,880 --> 00:03:04,410
be downloading illegally online.

39
00:03:04,860 --> 00:03:10,560
This is a really good way to help people see how serious it is and how much control they could be giving

40
00:03:10,860 --> 00:03:16,470
to an attacker over the Internet just by using that free thing that shouldn't be free of surfing to

41
00:03:16,470 --> 00:03:18,720
that Web page that they probably shouldn't surf to.

42
00:03:19,440 --> 00:03:25,380
So just being careful where you click, not downloading and running things or run them through virus

43
00:03:25,380 --> 00:03:27,090
total or another program.

44
00:03:27,120 --> 00:03:31,290
So if I take this file that I've just downloaded and go to virus total.

45
00:03:32,890 --> 00:03:35,830
I can upload this file into virus total.

46
00:03:37,380 --> 00:03:40,810
And I will choose the downloaded version so that it doesn't delete it.

47
00:03:42,780 --> 00:03:44,360
And I'll confirm the upload.

48
00:03:45,730 --> 00:03:50,470
In just a few seconds, you're going to be able to see with this is probably a safe file for you to

49
00:03:50,470 --> 00:03:55,150
open and use or if this file is crawling with infection's.

50
00:03:56,510 --> 00:04:02,190
And we can see really quickly that this file is definitely a Trojan.

51
00:04:02,210 --> 00:04:09,220
A remote access Trojan, a file, it gives complete command and control over a Windows computer to a

52
00:04:09,230 --> 00:04:10,100
Kalli machine.

53
00:04:10,430 --> 00:04:13,230
So virus total is lighting up like a Christmas tree.

54
00:04:13,250 --> 00:04:15,660
Here we've got red everywhere.

55
00:04:15,710 --> 00:04:19,250
Dozens of different antivirus programs see this as a malicious file.

56
00:04:19,580 --> 00:04:25,190
And I should also note that a handful of these do not yet detect this, but give it a little bit of

57
00:04:25,190 --> 00:04:30,560
time to run through all of the different antivirus programs and you'll see that it's pretty clear that

58
00:04:30,560 --> 00:04:32,690
this is a dangerous file.

59
00:04:33,050 --> 00:04:37,640
So just doing a quick sanity check, if you're downloading something that you might be suspicious about,

60
00:04:37,940 --> 00:04:43,550
uploading antivirus total could be one way to check it out or running a scan with your antivirus program.

61
00:04:44,270 --> 00:04:47,540
That brings us to the second tip that you can use to keep yourself safe.

62
00:04:47,960 --> 00:04:50,360
Use an antivirus and firewall.

63
00:04:50,720 --> 00:04:55,340
That means make sure that they're running and then make sure that they're up to date.

64
00:04:55,400 --> 00:04:57,530
So update your virus protection.

65
00:04:57,830 --> 00:05:01,250
In fact, we're going to turn our virus in through a protection settings back on.

66
00:05:04,300 --> 00:05:05,370
So we go to open.

67
00:05:06,480 --> 00:05:11,040
And go to the virus and threats, protection settings, and we're gonna turn them back on.

68
00:05:11,070 --> 00:05:11,760
Yes.

69
00:05:12,060 --> 00:05:15,990
We're also going to change back over our Windows firewall and we're going to say.

70
00:05:18,790 --> 00:05:23,290
Mitt S.H. advanced firewall's set all profiles to state on the.

71
00:05:24,430 --> 00:05:28,180
And now our Windows firewall is back up and active.

72
00:05:28,570 --> 00:05:32,200
And in fact, that interpreter session that we have over here, if I unless.

73
00:05:33,370 --> 00:05:34,050
Look at that.

74
00:05:35,390 --> 00:05:39,250
Nope, I still have access because I got him before they turned it on, that's a really important thing

75
00:05:39,250 --> 00:05:39,790
to remember.

76
00:05:40,270 --> 00:05:46,130
But in just a few moments, this connection will likely die because the Windows firewall.

77
00:05:46,450 --> 00:05:49,480
And because of that Windows defender.

78
00:05:49,750 --> 00:05:51,450
But this is really important to notice.

79
00:05:51,550 --> 00:05:56,350
Notice that I downloaded and ran this file and paid maternity access.

80
00:05:56,380 --> 00:06:03,370
Then when I turned on the antivirus and turned on the Windows firewall, I still have access to look

81
00:06:03,370 --> 00:06:05,890
at files inside that remote computer.

82
00:06:06,250 --> 00:06:10,030
So that's a really important thing to keep in mind, is that once you get infected, you're gonna have

83
00:06:10,030 --> 00:06:15,100
to turn this computer off, take it off the network, run a full virus scan and then find this virus.

84
00:06:15,280 --> 00:06:16,600
Delete it and take care of it.

85
00:06:16,960 --> 00:06:20,590
But running a good firewall, an antivirus is a great second step.

86
00:06:20,860 --> 00:06:23,740
After being careful what you download and click in the first place.

87
00:06:25,750 --> 00:06:31,480
And then finally, one of the most important things you can do is keep your system up to date.

88
00:06:31,810 --> 00:06:33,780
So run your windows updates.

89
00:06:36,670 --> 00:06:38,240
Check for updates often.

90
00:06:38,290 --> 00:06:41,320
You should do this at least once a month, once a week.

91
00:06:41,350 --> 00:06:46,090
If you do a lot of Web surfing or if you download a lot of files over the Internet, it's a good week,

92
00:06:46,090 --> 00:06:46,360
too.

93
00:06:46,390 --> 00:06:47,080
It's a good thing.

94
00:06:47,080 --> 00:06:55,390
The weekly check for your Windows operating system, your Microsoft Office, Java, or any programming

95
00:06:55,390 --> 00:06:57,370
applications that you might have on your computer.

96
00:06:57,940 --> 00:07:04,510
Definitely any Web browser updates if you don't do this at least once a week.

97
00:07:04,870 --> 00:07:07,030
Sorry if you don't do this at least once a month.

98
00:07:07,390 --> 00:07:09,640
That's a really good thing for you to start doing.

99
00:07:10,000 --> 00:07:15,610
If you make it do a lot of credit card transactions over your computer, if you do a lot of online banking,

100
00:07:15,610 --> 00:07:17,500
it's not a bad idea to do this once a week.

101
00:07:17,900 --> 00:07:25,630
So every Friday before you log off, go do a check for updates, check your Web browser for updates,

102
00:07:25,990 --> 00:07:30,250
check your Microsoft Office for updates.

103
00:07:30,640 --> 00:07:32,630
It's a really good practice to get in the habit of.

104
00:07:32,650 --> 00:07:38,200
So just by doing those three three things, not opening suspicious files, making sure your antivirus

105
00:07:38,290 --> 00:07:43,870
and firewall protection are turned on and updating your operating system and applications often can

106
00:07:43,930 --> 00:07:50,350
keep you safe from as much as 85 percent of the drive by attacks like the ones we've seen here on the

107
00:07:50,350 --> 00:07:50,770
Internet.

108
00:07:51,160 --> 00:07:54,760
So you don't have to be the most secure, the most careful person on the planet.

109
00:07:54,770 --> 00:08:01,240
Just doing those three things can keep you from becoming an easy target or low hanging fruit for an

110
00:08:01,240 --> 00:08:02,830
attacker out on the Internet.

111
00:08:03,310 --> 00:08:07,810
So I hope this has been a really great couple of sections for you on the attack phase and the command

112
00:08:07,810 --> 00:08:13,300
and control phase of hacking into a Windows team computer, seeing how much an attacker can do when

113
00:08:13,300 --> 00:08:14,770
they're on your system remotely.

114
00:08:15,070 --> 00:08:20,440
If you click through and download the wrong file and then it's really easy to keep yourself from being

115
00:08:20,440 --> 00:08:25,660
a target just by being careful what you do online, making sure you've got good protection, and then

116
00:08:25,780 --> 00:08:27,130
checking for updates often.

117
00:08:27,640 --> 00:08:29,070
I hope there's been a great lesson for you.

118
00:08:29,080 --> 00:08:30,760
We will see you in the next section.