1
00:00:01,030 --> 00:00:07,740
In this lecture I'd like to talk about a really, really cool virtual machine type in Qubes.

2
00:00:07,900 --> 00:00:14,230
The final type that we haven't spoken about yet is the disposable virtual machines.

3
00:00:14,230 --> 00:00:21,200
Now, as the name suggests, these machines are designed to allow you to run any files or any data or any

4
00:00:21,200 --> 00:00:23,590
websites that you really want to run.

5
00:00:23,660 --> 00:00:28,910
But at the same time you're not sure whether you should trust this data, whether you should trust this

6
00:00:28,910 --> 00:00:31,560
file or website or not.

7
00:00:31,610 --> 00:00:38,360
The whole idea is, when you start a disposable virtual machine, Qubes will create this virtual machine,

8
00:00:38,630 --> 00:00:44,110
unlike what happens with all of the other machines, where Qubes will start an existing machine.

9
00:00:44,210 --> 00:00:51,390
In the case of the disposable virtual machine, when you start one, Qubes will create a new virtual machine.

10
00:00:51,530 --> 00:00:52,500
You will use it.

11
00:00:52,610 --> 00:00:57,990
And then when you're done, when you turn it off, Qubes completely destroys this machine.

12
00:00:58,250 --> 00:01:05,320
So the next time you start a disposable machine you will start a completely new virtual machine.

13
00:01:05,330 --> 00:01:10,400
Now, just like all of the other virtual machines, this virtual machine is completely isolated.

14
00:01:10,400 --> 00:01:16,730
So if it gets compromised, if it gets hacked, it uses different resources and a different file system.

15
00:01:16,730 --> 00:01:22,730
So it is very difficult for a hacker, even if he manages to hack into the disposable virtual machine,

16
00:01:22,940 --> 00:01:28,460
to move on and hack into the other virtual machines that you have inside Qubes.

17
00:01:28,490 --> 00:01:33,350
Not only that, as soon as you turn off this virtual machine, like I said, the whole virtual machine is

18
00:01:33,350 --> 00:01:34,130
destroyed.

19
00:01:34,130 --> 00:01:41,060
So even if they have some kind of a persistent malware, or even if they are trying to exit the disposable

20
00:01:41,060 --> 00:01:46,070
virtual machine and move somewhere else, their connection will be completely disconnected because the

21
00:01:46,070 --> 00:01:48,310
whole virtual machine will be destroyed.

22
00:01:49,610 --> 00:01:55,760
So hovering over this, just like any other virtual machine we have inside Qubes, you can see that we can

23
00:01:55,970 --> 00:02:02,660
launch a number of programs, mainly Firefox and the terminal, and then you can enter the qube settings.

24
00:02:02,660 --> 00:02:04,700
This is pretty much everything you'll need.

25
00:02:04,700 --> 00:02:08,960
So for example, let's say you're using your work virtual machine right here.

26
00:02:08,960 --> 00:02:13,380
So I have a Firefox instance in my work domain, as you can see here.

27
00:02:13,490 --> 00:02:20,150
And let's say you got an email that appears like it came from an address that you trust, whether it's

28
00:02:20,150 --> 00:02:25,460
a friend's address or an address of your boss or an address of a company that you work with.

29
00:02:25,460 --> 00:02:29,540
So you really want to click on a link that's inside this e-mail.

30
00:02:29,570 --> 00:02:36,260
But at the same time you're not sure if this link is safe to click on or not, because keep in mind hackers

31
00:02:36,290 --> 00:02:42,170
could have hacked into your boss or into your friend and then sent you that email, or they can actually

32
00:02:42,170 --> 00:02:46,990
send emails that look like they're coming from other people, and I actually show how to do this in

33
00:02:47,000 --> 00:02:48,710
my social engineering course.

34
00:02:48,770 --> 00:02:53,930
And I showed this off in my talk at the Global Cybersecurity Summit in Orlando.

35
00:02:54,020 --> 00:02:57,860
I will include a link to the talk in the resources of this lecture.

36
00:02:57,860 --> 00:03:01,210
And if you're interested in my other courses, check out the bonus lecture,

37
00:03:01,220 --> 00:03:03,770
the last lecture of the course. Anyway,

38
00:03:04,010 --> 00:03:08,450
so you can get an e-mail that looks like it's coming from an address that you trust.

39
00:03:08,540 --> 00:03:11,070
And the e-mail could ask you to click on a link.

40
00:03:11,180 --> 00:03:15,080
Now, clicking on this link could result in you getting hacked.

41
00:03:15,140 --> 00:03:20,540
But at the same time, because you trust this address, you actually want to click on the link.

42
00:03:20,570 --> 00:03:27,460
So the best solution for this is to go and start Firefox inside a disposable virtual machine.

43
00:03:27,560 --> 00:03:30,890
Like I said, this will create a completely new virtual machine.

44
00:03:30,980 --> 00:03:37,950
And inside this completely new virtual machine it will start a Firefox instance. And perfect, as you can

45
00:03:37,950 --> 00:03:40,050
see, we get a normal Firefox browser.

46
00:03:40,560 --> 00:03:44,640
So what you want to do is, let's pretend that this is the email that you got.

47
00:03:44,640 --> 00:03:48,000
All you'll have to do is copy the link that you want to open.

48
00:03:48,000 --> 00:03:49,700
You don't want to open it in here.

49
00:03:49,740 --> 00:03:52,410
You just want to click on Copy Link Location.

50
00:03:52,470 --> 00:03:56,900
This will copy it within the clipboard of this virtual machine, of the work domain.

51
00:03:57,120 --> 00:04:02,430
So you'll have to do Ctrl+Shift+C to put it in the global clipboard.

52
00:04:02,550 --> 00:04:04,980
Go to the virtual machine where you want to paste it.

53
00:04:05,010 --> 00:04:07,860
Again, I covered this in detail before; I'm doing it quickly.

54
00:04:07,860 --> 00:04:11,050
If you don't remember how to do it, go and revise that lecture.

55
00:04:11,130 --> 00:04:14,380
So we go to the virtual machine where we want to paste this text.

56
00:04:14,460 --> 00:04:21,000
We're going to do Ctrl+Shift+V to paste it in the clipboard of this virtual machine and then Ctrl+V

57
00:04:21,030 --> 00:04:28,110
to paste it in my URL in here, as you can see, and I have the link right now in here, so all I have to

58
00:04:28,110 --> 00:04:36,630
do is just hit Enter and that will load the link for me inside this completely isolated disposable virtual

59
00:04:36,630 --> 00:04:37,440
machine.

60
00:04:37,470 --> 00:04:43,410
So let's assume that this link exploits some kind of a vulnerability that will allow the hacker to hack

61
00:04:43,500 --> 00:04:44,970
into my computer.

62
00:04:44,970 --> 00:04:51,000
They will gain control over this disposable virtual machine, but they won't be able to exit out of it

63
00:04:51,120 --> 00:04:52,680
and do anything else.

64
00:04:52,710 --> 00:04:59,640
And then as soon as I click on the X in here, the whole virtual machine will be shut down and it will

65
00:04:59,640 --> 00:05:00,690
be destroyed.

66
00:05:00,690 --> 00:05:07,440
So the next time I run a disposable virtual machine I'll actually be running a completely new virtual

67
00:05:07,440 --> 00:05:13,750
machine that does not contain the malware, even if it was downloaded using the previous session.

68
00:05:14,880 --> 00:05:16,230
So that's really, really cool.

69
00:05:16,320 --> 00:05:17,470
But it doesn't stop there.

70
00:05:17,700 --> 00:05:22,590
Let's assume that you really want to open this file, but at the same time this file is downloaded from

71
00:05:22,590 --> 00:05:24,250
the Internet or from an e-mail.

72
00:05:24,330 --> 00:05:27,840
So you can't really trust it, even if it's coming from a trusted e-mail.

73
00:05:27,840 --> 00:05:33,810
Like I said, someone could have hacked into the account that sent you the email, or someone could be pretending

74
00:05:33,810 --> 00:05:35,560
to be that e-mail but they're not.

75
00:05:36,210 --> 00:05:42,330
So if you really want to open this file, all you have to do is right-click the file. Instead of clicking

76
00:05:42,420 --> 00:05:43,940
Open With LibreOffice,

77
00:05:44,070 --> 00:05:52,140
you want to go to view in a disposable virtual machine. Clicking on this will create a completely new

78
00:05:52,140 --> 00:05:58,370
virtual machine, like we've seen before, and then open the file inside this disposable virtual machine.

79
00:05:58,440 --> 00:06:03,720
And once you close it, the whole virtual machine will be destroyed; the file will be removed from the

80
00:06:03,720 --> 00:06:04,730
virtual machine.

81
00:06:04,830 --> 00:06:10,890
And even if the file contained malware, the malware will not be able to exit that virtual machine and

82
00:06:10,920 --> 00:06:18,220
affect your work computer in here, because again they are two completely separate operating systems.

83
00:06:18,420 --> 00:06:20,880
Now, I'm not going to show you that because it's very simple.

84
00:06:20,880 --> 00:06:27,360
All you have to do is literally click on view in a disposable virtual machine and it will work as expected.

85
00:06:27,360 --> 00:06:32,700
What I really want to show you, and what I think is really cool, is the edit in a disposable virtual

86
00:06:32,700 --> 00:06:34,170
machine option.

87
00:06:34,200 --> 00:06:41,580
So with this option, again, it'll create a new disposable virtual machine, but it will open the file for

88
00:06:41,640 --> 00:06:42,710
editing for me.

89
00:06:43,410 --> 00:06:46,380
This way, not only will I be able to read the file,

90
00:06:46,500 --> 00:06:53,400
I'll also be able to edit the file, save it, make changes to it. For example, if I was asked to fill something

91
00:06:53,460 --> 00:06:57,480
or to sign the file, I'll be able to do that.

92
00:06:57,480 --> 00:07:02,390
So for example, let's just type test and I'm gonna do Ctrl+S to save it.

93
00:07:02,430 --> 00:07:10,380
We'll keep it in Microsoft Word 97 format, and now I can go ahead and send this file back knowing that

94
00:07:10,410 --> 00:07:15,360
even if this file contained malware, it did not affect my domain.

95
00:07:15,390 --> 00:07:20,040
Now, just to show you, you're not supposed to do this, but just to show you that the changes were saved,

96
00:07:20,040 --> 00:07:25,960
I'm gonna double-click this file just to open it here, just to save time, and we have it here.

97
00:07:26,070 --> 00:07:31,500
And as you can see, what I added in here, test, is saved and it is contained within the document.

98
00:07:31,980 --> 00:07:36,110
So this way, not only can you view documents safely,

99
00:07:36,180 --> 00:07:44,550
you can also edit them safely without affecting the security domain that you're working in. And if this

100
00:07:44,550 --> 00:07:50,640
wasn't enough, there is another really cool feature that you can do for images and for PDFs.

101
00:07:51,030 --> 00:07:57,360
This really cool feature allows you to not only view the file in a different disposable virtual machine,

102
00:07:57,720 --> 00:08:02,240
but you can also convert the file to a trusted PDF.

103
00:08:02,790 --> 00:08:08,460
So again, regardless of how you got this PDF, whether you got it from a friend, from an email, from the

104
00:08:08,460 --> 00:08:14,040
Internet, let's assume that you have a PDF that you really, really want to run. What you can do is you

105
00:08:14,040 --> 00:08:16,920
can right-click and view in a disposable virtual machine.

106
00:08:16,920 --> 00:08:21,870
That's fine, or you can click on convert to a trusted PDF.

107
00:08:22,710 --> 00:08:28,380
What this will do is it will first of all create a new disposable virtual machine that will copy the

108
00:08:28,400 --> 00:08:30,730
PDF to this new virtual machine.

109
00:08:30,830 --> 00:08:38,100
It will use a complex process in order to make sure that the PDF contains no malware and also completely

110
00:08:38,100 --> 00:08:41,100
destroy the PDF and convert the data

111
00:08:41,100 --> 00:08:47,010
in this PDF into images. At the end you'll notice we have a new file in here.

112
00:08:47,040 --> 00:08:50,170
This is called sample.trusted.pdf.

113
00:08:50,190 --> 00:08:52,740
So it added the word trusted to our PDF.

114
00:08:53,200 --> 00:08:58,860
And this PDF right here is a completely clean version of the original PDF.

115
00:08:58,950 --> 00:09:05,460
So not only can we open this PDF in our current domain safely, knowing that it contains no malware,

116
00:09:05,820 --> 00:09:08,280
but you can also go ahead and send it to others.

117
00:09:08,280 --> 00:09:13,230
So let's assume you need to send this to a colleague or to a friend but you're not sure if this PDF

118
00:09:13,290 --> 00:09:20,160
is clean, then this way you can clear the PDF and make sure that it contains no malware.

119
00:09:20,160 --> 00:09:22,970
At the same time you can find the original PDF.

120
00:09:23,010 --> 00:09:30,470
If you go to Home and scroll down, you'll see we have a new directory called QubesUntrustedPDFs.

121
00:09:30,510 --> 00:09:39,000
And in here you'll see the original PDF that we converted to a trusted PDF. So that's it for now.

122
00:09:39,150 --> 00:09:45,780
I think this is a really, really cool feature in Qubes and it can really prevent a lot of attacks, because

123
00:09:45,780 --> 00:09:51,480
like I said, hackers can hack into your friends or into your colleagues or into other companies' accounts

124
00:09:51,810 --> 00:09:56,300
and then social engineer you into clicking on links or downloading files.

125
00:09:56,460 --> 00:10:01,110
And this happens all the time in companies, and like I said, I showed off a lot of these scenarios in

126
00:10:01,110 --> 00:10:03,270
my Global Cybersecurity Summit.

127
00:10:03,270 --> 00:10:05,640
So if you're interested, go have a look at that.

128
00:10:05,640 --> 00:10:11,160
I will include a link to the video in the resources, and basically at the end of it a lot of people were

129
00:10:11,160 --> 00:10:13,350
asking, so how can we prevent this?

130
00:10:13,350 --> 00:10:15,810
Well, the only solution is first of all education.

131
00:10:15,810 --> 00:10:21,990
Educate the employees, but at the same time, like I said, you might get a file, a document or a link from

132
00:10:21,990 --> 00:10:23,970
someone that you trust.

133
00:10:23,970 --> 00:10:28,230
And even though you might think that this could be suspicious, at the same time you forget.

134
00:10:28,350 --> 00:10:32,550
If you're getting this from your boss or if you're getting this from a company that should do business

135
00:10:32,550 --> 00:10:38,880
with you, you really need to open the file anyway, or if you're a security researcher, again, in many cases

136
00:10:38,880 --> 00:10:40,680
you want to open the file anyway.

137
00:10:40,680 --> 00:10:44,580
So this is a really, really good way of handling untrusted files.