Hey guys, welcome back to the cyber kill chain course. Today we're going to cover defense in depth using the kill chain.
So we went over the kill chain. We went over reconnaissance, where we gathered as much information as we can about the target, and then in phase two, weaponization, we used the information we gained during reconnaissance to build our weapon, the payload that we used later on to exploit and install on the victim's machine. In delivery, phase three, we went over social engineering and we delivered our payload using a social engineering attack. In exploitation, phase four, we exploited the human weakness, and in installation, phase five, the payload was installed on the victim's machine. In phase six, command and control, we used a Metasploit exploit to have command and control over our backdoor, the payload we installed in phase five. Finally, in action on objectives, we got access to the crown jewels, that text file, which luckily in our example was on the desktop. But it's usually not as easy as that.
So we move to defense, and what we want to do in defense is to use these defense actions, detect, deny, disrupt, degrade, deceive and contain, at each and every level of the cyber kill chain. So in detect, as an example, in reconnaissance we're trying to detect any reconnaissance. In deny, we're trying to deny it. In disrupt, we're trying to stop it or change it. In degrade, we're trying to reduce it or counter the attacker. In deceive, we're trying to either send false information back during command and control or send the attacker fake data during action on objectives. And in contain, we use our design: we design our network and the segregation in our network to ensure that the attack is contained in the smallest possible area.
So the best idea to attack something like this, or to go through the defense actions, is to create a matrix. The matrix should have the seven phases at the top: reconnaissance, weaponization, delivery, exploitation, installation, command and control and action on objectives. And on the other axis we have detect, deny, disrupt, degrade, deceive and contain. Then we start building our defense in depth model. So this is more of a framework that you can use, and I'm going to leave a copy of this matrix in the resources page of this course. You can take this matrix and, based on the threat agents, the risk appetite and the budget of your company, decide what kind of controls you want to add.
So, as an example, in reconnaissance you need to do some web analytics, because it's a fairly passive step. You want to know what kind of information is out there about your company. As we saw in our example, you want to know whether the webmaster's or the system admin's information is available. You also want to have something like a network intrusion detection system to identify any fingerprinting or any scanning that happens on your systems.
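As an added illustration of the "detect" cell for the reconnaissance phase, here is a small network-IDS style rule that flags port scans in connection logs. This is example code written for this page, not a tool from the course or any real IDS; the log format (timestamp, source, destination, destination port, TCP flags), the sample lines and the window and threshold values are all constructed assumptions. It detects two scan shapes: a vertical scan (one source probing many ports on one host) and a horizontal scan (one source probing one port across many hosts), and it deliberately shows the low-and-slow case that slips under a short window.

```python
"""Toy NIDS rule: flag sources whose SYN probes hit many distinct targets in a short window.

Added example for the kill chain lesson; not code from the course. Log format,
sample data, window and threshold are assumptions chosen for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

WINDOW = timedelta(seconds=10)  # assumed tuning: look-back window for a burst
THRESHOLD = 5                   # assumed tuning: distinct targets that count as a scan

# Constructed sample log (not real traffic): ts src dst dport flags. Lines with '#' are comments.
SAMPLE_LOG = """
# vertical scan: one host probes many ports on 192.0.2.10 within a few seconds
2024-05-01T10:00:01 198.51.100.7 192.0.2.10 21 S
2024-05-01T10:00:01 198.51.100.7 192.0.2.10 22 S
2024-05-01T10:00:02 198.51.100.7 192.0.2.10 23 S
2024-05-01T10:00:02 198.51.100.7 192.0.2.10 25 S
2024-05-01T10:00:03 198.51.100.7 192.0.2.10 80 S
2024-05-01T10:00:03 198.51.100.7 192.0.2.10 443 S
2024-05-01T10:00:04 198.51.100.7 192.0.2.10 8080 S
# horizontal scan: one host probes port 445 across the subnet
2024-05-01T10:05:00 203.0.113.9 192.0.2.11 445 S
2024-05-01T10:05:01 203.0.113.9 192.0.2.12 445 S
2024-05-01T10:05:01 203.0.113.9 192.0.2.13 445 S
2024-05-01T10:05:02 203.0.113.9 192.0.2.14 445 S
2024-05-01T10:05:03 203.0.113.9 192.0.2.15 445 S
2024-05-01T10:05:03 203.0.113.9 192.0.2.16 445 S
# normal client: two services on one host, then established (ACK) traffic
2024-05-01T10:07:00 192.0.2.50 192.0.2.10 443 S
2024-05-01T10:07:00 192.0.2.50 192.0.2.10 443 A
2024-05-01T10:07:05 192.0.2.50 192.0.2.10 80 S
# low-and-slow scanner: one probe every 30 seconds stays under a 10 s window
2024-05-01T10:10:00 198.51.100.8 192.0.2.10 22 S
2024-05-01T10:10:30 198.51.100.8 192.0.2.10 23 S
2024-05-01T10:11:00 198.51.100.8 192.0.2.10 25 S
2024-05-01T10:11:30 198.51.100.8 192.0.2.10 80 S
2024-05-01T10:12:00 198.51.100.8 192.0.2.10 443 S
2024-05-01T10:12:30 198.51.100.8 192.0.2.10 8080 S
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str
    dst: str
    dport: int
    flags: str


def parse_log(text: str) -> List[Event]:
    """Parse the whitespace-separated log into events sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, flags = line.split()
        events.append(Event(datetime.fromisoformat(ts), src, dst, int(dport), flags))
    return sorted(events, key=lambda e: e.ts)


def max_distinct_in_window(items: List[Tuple[datetime, object]], window: timedelta) -> int:
    """Largest number of distinct values seen in any sliding time window (items sorted by time)."""
    best, start = 0, 0
    counts: Dict[object, int] = defaultdict(int)
    for ts, val in items:
        counts[val] += 1
        while ts - items[start][0] > window:          # drop events that fell out of the window
            old = items[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        best = max(best, len(counts))
    return best


def detect_scans(events: List[Event], window: timedelta = WINDOW,
                 threshold: int = THRESHOLD) -> Dict[str, List[str]]:
    """Return {source: [alerts]} for sources whose SYN probes look like a port scan."""
    syns = [e for e in events if e.flags == "S"]      # only connection attempts, not established flows
    per_host = defaultdict(list)                      # (src, dst)   -> [(ts, dport)] for vertical scans
    per_port = defaultdict(list)                      # (src, dport) -> [(ts, dst)]   for horizontal scans
    for e in syns:
        per_host[(e.src, e.dst)].append((e.ts, e.dport))
        per_port[(e.src, e.dport)].append((e.ts, e.dst))
    secs = int(window.total_seconds())
    alerts: Dict[str, List[str]] = defaultdict(list)
    for (src, dst), items in per_host.items():
        n = max_distinct_in_window(items, window)
        if n >= threshold:
            alerts[src].append(f"vertical scan: {n} distinct ports on {dst} within {secs}s")
    for (src, dport), items in per_port.items():
        n = max_distinct_in_window(items, window)
        if n >= threshold:
            alerts[src].append(f"horizontal scan: {n} hosts probed on port {dport} within {secs}s")
    return dict(alerts)


if __name__ == "__main__":
    for src, msgs in detect_scans(parse_log(SAMPLE_LOG)).items():
        for msg in msgs:
            print(f"{src}: {msg}")
```

With the default 10-second window the rule flags the fast vertical and horizontal scanners and stays quiet on the ordinary client, but it also misses the slow scanner, which only shows up once the window is widened to minutes. That is the practical caveat for the reconnaissance "detect" cell: a scan detector is only as good as the window and threshold you tune, and a patient attacker will sit under them, so this kind of rule belongs alongside longer-term correlation rather than replacing it.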
And to deny, a strict firewall policy is extremely important. You don't want people to have access to your back-end servers. So if you have a web application server, do not allow SSH connectivity to it remotely, something like that.
Another way of denying, because again it's a fairly passive step, is something like an information sharing policy. You want to tell your employees what they can and can't share on the internet. You don't want them to put out the firewall model that you use, and you don't want them to put out what kind of products you use in the back end.
In disrupt, you want to have something like reporting. You want to raise the awareness of your employees so that they report any reconnaissance that is going on through the internet. Someone might say, how would they know? Again, with enough awareness, they would be able to identify that someone communicating with them or accessing their LinkedIn page is at least a little malicious. So I know of a company, or actually an organization, that was the target of a social engineering campaign on one of the social media platforms. One of the employees identified it and reported it to the company, and the company reported it to the authorities. They were able to stop that attack at the recon phase; it did not even move on to the following stages.
In weaponization, again because of its nature being fairly passive, there's not a lot that you can do. However, your threat intelligence should be able to identify what kind of threats you are vulnerable to.
And you want to continue doing the same thing across delivery, exploitation, installation, command and control and action on objectives. You can use something like honeypots, you can use privileged access management, log monitoring is key, host intrusion detection systems, and so on. Obviously this is an example, and it's not something that you have to follow. However, the matrix is a framework that I highly recommend, because it would give you an idea of what kind of controls you have and where you are lacking. Obviously you want to have as many controls as possible in the matrix. However, due to risk appetite, a high risk appetite or a low threat on the corporation, and a low budget, you might not be able to go through or have controls for each and every one of the phases.
Okay, for our post-assessment questions. First, what are the steps of the defense actions we covered? We started with detect, deny, disrupt, degrade, deceive and contain. Second, how do we use the cyber kill chain in defense? As I said, if you want to protect yourself from a hacker, you have to think like a hacker. The best way to do that is to use the cyber kill chain, and then in each and every phase you want to detect, deny, disrupt, degrade, deceive and contain. Finally, is the cyber defense matrix, the one I showed in the example, applicable for all? As I said, the cyber defense matrix as a framework is applicable for all. However, the examples that I showed are not necessarily applicable to your organization or the company you work for.
Okay, so in today's video we covered defense using the cyber kill chain. In the next video we're going to talk about criticism of the kill chain and the unified cyber kill chain, and we're going to conclude our course. See you then.