1 00:00:00,000 --> 00:00:07,000 In this lecture, I'd like to talk about a really, really cool virtual machine type in Qubes.
2 00:00:07,000 --> 00:00:13,000 The final type that we haven't spoken about yet is the disposable virtual machines.
3 00:00:13,000 --> 00:00:20,000 Now, as the name suggests, these machines are designed to allow you to run any files or any data or
4 00:00:20,000 --> 00:00:23,000 any websites that you really want to run.
5 00:00:23,000 --> 00:00:28,000 But at the same time, you're not sure whether you should trust this data or whether you should trust
6 00:00:28,000 --> 00:00:30,000 this file or website or not.
7 00:00:31,000 --> 00:00:38,000 The whole idea is when you start a disposable virtual machine, Qubes will create this virtual machine,
8 00:00:38,000 --> 00:00:41,000 unlike what happens with all of the other machines.
9 00:00:41,000 --> 00:00:43,000 Qubes will start an existing machine.
10 00:00:44,000 --> 00:00:47,000 In the case of the disposable virtual machine, when you start one,
11 00:00:47,000 --> 00:00:51,000 Qubes will create a new virtual machine.
12 00:00:51,000 --> 00:00:52,000 You will use it.
13 00:00:52,000 --> 00:00:58,000 And then when you're done, when you turn it off, Qubes completely destroys this machine.
14 00:00:58,000 --> 00:01:04,000 So the next time you start a disposable machine, you will start a completely new virtual machine.
15 00:01:05,000 --> 00:01:10,000 Now, just like all of the other virtual machines, this virtual machine is completely isolated.
16 00:01:10,000 --> 00:01:16,000 So if it gets compromised, if it gets hacked, it uses different resources and a different file system.
17 00:01:16,000 --> 00:01:22,000 So it is very difficult for a hacker, even if he manages to hack into the disposable virtual machine,
18 00:01:22,000 --> 00:01:27,000 to move on and hack into the other virtual machines that you have inside Qubes.
19 00:01:28,000 --> 00:01:33,000 Not only that, as soon as you turn off this virtual machine, like I said, the whole virtual machine
20 00:01:33,000 --> 00:01:34,000 is destroyed.
21 00:01:34,000 --> 00:01:41,000 So even if they have some kind of a persistent malware, or even if they are trying to exit the disposable
22 00:01:41,000 --> 00:01:46,000 virtual machine and move somewhere else, their connection will be completely disconnected because the
23 00:01:46,000 --> 00:01:48,000 whole virtual machine will be destroyed.
24 00:01:49,000 --> 00:01:55,000 So over and over this, just like any other virtual machine we have inside Qubes, you can see that
25 00:01:55,000 --> 00:02:01,000 we can launch a number of programs, mainly Firefox and the terminal, and then you can enter the qube
26 00:02:01,000 --> 00:02:01,000 settings.
27 00:02:02,000 --> 00:02:04,000 This is pretty much everything you'll need.
28 00:02:04,000 --> 00:02:08,000 So for example, let's say you're using your work virtual machine right here.
29 00:02:08,000 --> 00:02:13,000 So I have a Firefox instance in my work domain, as you can see here.
30 00:02:13,000 --> 00:02:20,000 And let's say you got an email that appears like it came from an address that you trust, whether it's
31 00:02:20,000 --> 00:02:25,000 a friend's address or an address of your boss or an address of a company that you work with.
32 00:02:25,000 --> 00:02:31,000 So you really want to click on a link that's inside this email, but at the same time, you're not sure
33 00:02:31,000 --> 00:02:34,000 if this link is safe to click on or not.
34 00:02:34,000 --> 00:02:39,000 Because keep in mind, hackers could have hacked into your boss or into your friend and then sent you
35 00:02:39,000 --> 00:02:40,000 that email.
36 00:02:40,000 --> 00:02:45,000 Or they can actually send emails that look like they're coming from other people.
37 00:02:45,000 --> 00:02:48,000 And I actually show how to do this in my social engineering course.
38 00:02:48,000 --> 00:02:53,000 And I showed this off in my talk at the Global Cybersecurity Summit in Orlando.
39 00:02:53,000 --> 00:02:57,000 I will include a link to the talk in the resources of this lecture.
40 00:02:57,000 --> 00:03:02,000 And if you're interested in my other courses, check out the bonus lecture, the last lecture of the
41 00:03:02,000 --> 00:03:08,000 course. Anyway, so you can get an email that looks like it's coming from an address that you trust,
42 00:03:08,000 --> 00:03:11,000 and the email could ask you to click on a link.
43 00:03:11,000 --> 00:03:16,000 Now clicking on this link could result in you getting hacked, but at the same time, because you
44 00:03:16,000 --> 00:03:20,000 trust this address, you actually want to click on the link.
45 00:03:20,000 --> 00:03:27,000 So the best solution for this is to go and start Firefox inside a disposable virtual machine.
46 00:03:27,000 --> 00:03:30,000 Like I said, this will create a completely new virtual machine.
47 00:03:30,000 --> 00:03:35,000 And inside this completely new virtual machine, it will start a Firefox instance.
48 00:03:36,000 --> 00:03:37,000 And perfect.
49 00:03:37,000 --> 00:03:40,000 As you can see, we get a normal Firefox browser.
50 00:03:40,000 --> 00:03:44,000 So what you want to do is, let's pretend that this is the email that you got.
51 00:03:44,000 --> 00:03:47,000 All you'll have to do is copy the link that you want to open.
52 00:03:47,000 --> 00:03:49,000 You don't want to open it in here.
53 00:03:49,000 --> 00:03:52,000 You just want to click on copy link location.
54 00:03:52,000 --> 00:03:56,000 This will copy it within the clipboard of this virtual machine of the work domain.
55 00:03:56,000 --> 00:04:03,000 So you'll have to do Control Shift C to put it in the global clipboard, go to the virtual machine where
56 00:04:03,000 --> 00:04:05,000 you want to paste it.
57 00:04:05,000 --> 00:04:07,000 Again, I covered this in detail before, so I'm doing it quick.
58 00:04:07,000 --> 00:04:10,000 If you don't remember how to do it, go and revise that lecture.
59 00:04:10,000 --> 00:04:14,000 So we go to the virtual machine where we want to paste this text.
60 00:04:14,000 --> 00:04:20,000 We're going to do Control Shift V to paste it in the clipboard of this virtual machine and then Control
61 00:04:21,000 --> 00:04:23,000 V to paste it in my URL.
62 00:04:23,000 --> 00:04:28,000 And here, as you can see, and I have the link right now in here, so all I have to do is just hit
63 00:04:28,000 --> 00:04:37,000 enter and that'll load the link for me inside this completely isolated, disposable virtual machine.
64 00:04:37,000 --> 00:04:43,000 So let's assume that this link exploits some kind of a vulnerability that will allow the hacker to hack
65 00:04:43,000 --> 00:04:44,000 into my computer.
66 00:04:44,000 --> 00:04:50,000 They will gain control over this disposable virtual machine, but they won't be able to exit out of
67 00:04:50,000 --> 00:04:52,000 it and do anything else.
68 00:04:52,000 --> 00:04:59,000 And then as soon as I click on the X in here, the whole virtual machine will be shut down and it will
69 00:04:59,000 --> 00:05:00,000 be destroyed.
70 00:05:00,000 --> 00:05:07,000 So the next time I run a disposable virtual machine, I'll actually be running a completely new virtual
71 00:05:07,000 --> 00:05:13,000 machine that does not contain the malware, even if it was downloaded using the previous session.
72 00:05:14,000 --> 00:05:17,000 So that's really, really cool, but it doesn't stop there.
73 00:05:17,000 --> 00:05:22,000 Let's assume that you really want to open this file, but at the same time this file is downloaded from
74 00:05:22,000 --> 00:05:27,000 the internet or from an email, so you can't really trust it, even if it's coming from a trusted email.
75 00:05:27,000 --> 00:05:33,000 Like I said, someone could have hacked into the account that sent you the email, or someone could
76 00:05:33,000 --> 00:05:35,000 be pretending to be that email, but they're not.
77 00:05:36,000 --> 00:05:40,000 So if you really want to open this file, all you have to do is right click the file.
78 00:05:41,000 --> 00:05:48,000 Instead of clicking open with LibreOffice, you want to go to view in a disposable virtual machine.
79 00:05:49,000 --> 00:05:55,000 Clicking on this will create a completely new virtual machine like we've seen before, and then opens the
80 00:05:55,000 --> 00:05:58,000 file inside this disposable virtual machine.
81 00:05:58,000 --> 00:06:02,000 And once you close it, the whole virtual machine will be destroyed.
82 00:06:02,000 --> 00:06:07,000 The file will be removed from the virtual machine, and even if the file contained malware, the malware
83 00:06:07,000 --> 00:06:14,000 will not be able to exit that virtual machine and affect your work computer in here because again,
84 00:06:14,000 --> 00:06:17,000 they are two completely separate operating systems.
85 00:06:18,000 --> 00:06:20,000 Now, I'm not going to show you that because it's very simple.
86 00:06:20,000 --> 00:06:26,000 All you have to do is literally click on view in a disposable virtual machine, and it will work as
87 00:06:26,000 --> 00:06:27,000 expected.
88 00:06:27,000 --> 00:06:33,000 What I really want to show you and what I think is really cool is the edit in a disposable virtual machine
89 00:06:33,000 --> 00:06:33,000 option.
90 00:06:33,000 --> 00:06:40,000 So with this option, again, it will create a new disposable virtual machine, but it will open the
91 00:06:40,000 --> 00:06:42,000 file for editing
92 00:06:42,000 --> 00:06:49,000 for me. This way, not only will I be able to read the file, I'll also be able to edit the file, save
93 00:06:49,000 --> 00:06:50,000 it, make changes to it.
94 00:06:50,000 --> 00:06:57,000 For example, if I was asked to fill something or to sign the file, I'll be able to do that.
95 00:06:57,000 --> 00:07:02,000 So for example, let's just type test and I'm going to do Control S to save it.
96 00:07:02,000 --> 00:07:05,000 We'll keep it at Microsoft Word 97 format.
97 00:07:05,000 --> 00:07:12,000 And now I can go ahead and send this file back knowing that even if this file contained malware, it
98 00:07:12,000 --> 00:07:14,000 did not affect my domain.
99 00:07:15,000 --> 00:07:19,000 Now, just to show you, you're not supposed to do this, but just to show you that the changes were saved,
100 00:07:19,000 --> 00:07:23,000 I'm going to double click this file just to open it here, just to save time.
101 00:07:23,000 --> 00:07:25,000 And we have it here.
102 00:07:25,000 --> 00:07:31,000 And as you can see, what I added in here, test, is saved and it is contained within the document.
103 00:07:31,000 --> 00:07:39,000 So this way, not only can you view documents safely, you can also edit them safely without
104 00:07:39,000 --> 00:07:42,000 affecting the security domain that you're working in.
105 00:07:43,000 --> 00:07:49,000 And if this wasn't enough, there is another really cool feature that you can do for images and for
106 00:07:49,000 --> 00:07:50,000 PDFs.
107 00:07:50,000 --> 00:07:57,000 This really cool feature allows you to not only view the file in a different disposable virtual machine,
108 00:07:57,000 --> 00:08:02,000 but you can also convert the file to a trusted PDF.
109 00:08:02,000 --> 00:08:08,000 So again, regardless of how you got this PDF, whether you got it from a friend, from an email, from
110 00:08:08,000 --> 00:08:12,000 the internet, let's assume that you have a PDF that you really, really want to run.
111 00:08:12,000 --> 00:08:16,000 What you can do is you can right click and view in a disposable virtual machine.
112 00:08:16,000 --> 00:08:17,000 That's fine.
113 00:08:17,000 --> 00:08:22,000 Or you can click on convert to a trusted PDF.
114 00:08:22,000 --> 00:08:27,000 What this will do is it will, first of all, create a new disposable virtual machine.
115 00:08:27,000 --> 00:08:30,000 It will copy the PDF to this new virtual machine.
116 00:08:30,000 --> 00:08:38,000 It will use a complex process in order to make sure that the PDF contains no malware and also completely
117 00:08:38,000 --> 00:08:43,000 destroy the PDF and convert the data in this PDF into images.
118 00:08:43,000 --> 00:08:46,000 At the end you'll notice we have a new file in here.
119 00:08:46,000 --> 00:08:52,000 This is called sample.trusted.pdf, so it added the word trusted to our PDF.
120 00:08:53,000 --> 00:08:58,000 And this PDF right here is a completely clean version of the original PDF.
121 00:08:58,000 --> 00:09:05,000 So not only can we open this PDF in our current domain safely, knowing that it contains no malware,
122 00:09:05,000 --> 00:09:08,000 but you can also go ahead and send it to others.
123 00:09:08,000 --> 00:09:11,000 So let's assume you need to send this to a colleague or to a friend,
124 00:09:11,000 --> 00:09:18,000 but you're not sure if this PDF is clean. Then this way you can clean the PDF and make sure that it
125 00:09:18,000 --> 00:09:19,000 contains no malware.
126 00:09:20,000 --> 00:09:22,000 At the same time, you can find the original PDF.
127 00:09:22,000 --> 00:09:30,000 If you go to home and scroll down, you'll see we have a new directory called Qubes Untrusted PDFs,
128 00:09:30,000 --> 00:09:36,000 and in here you'll see the original PDF that we converted to a trusted PDF.
129 00:09:37,000 --> 00:09:39,000 So that's it for now.
130 00:09:39,000 --> 00:09:45,000 I think this is a really, really cool feature in Qubes and it can really prevent a lot of attacks because,
131 00:09:45,000 --> 00:09:51,000 like I said, hackers can hack into your friends or into your colleagues or into other companies' accounts
132 00:09:51,000 --> 00:09:56,000 and then social engineer you into clicking on links or downloading files.
133 00:09:56,000 --> 00:09:58,000 And this happens all the time in companies.
134 00:09:58,000 --> 00:10:03,000 And like I said, I showed off a lot of these scenarios in my Global Cybersecurity Summit.
135 00:10:03,000 --> 00:10:05,000 So if you're interested, go have a look at that.
136 00:10:05,000 --> 00:10:10,000 I will include the link to the video in the resources and basically at the end of it, a lot of people
137 00:10:10,000 --> 00:10:13,000 were asking, so how can we prevent this?
138 00:10:13,000 --> 00:10:17,000 Well, the only solution is, first of all, education, educate the employees.
139 00:10:17,000 --> 00:10:23,000 But at the same time, like I said, you might get a file or document or a link from someone that you
140 00:10:23,000 --> 00:10:23,000 trust.
141 00:10:23,000 --> 00:10:28,000 And even though you might think that this could be suspicious, at the same time, you forget if you're
142 00:10:28,000 --> 00:10:33,000 getting this from your boss or if you're getting this from a company that you do business with, you
143 00:10:33,000 --> 00:10:35,000 really need to open the file anyway.
144 00:10:35,000 --> 00:10:40,000 Or if you're a security researcher, again, in many cases you want to open the file anyway.
145 00:10:40,000 --> 00:10:44,000 So this is a really, really good way of handling untrusted files.