3.3 What to Look for During Reconnaissance - UA

2 hours 25 minutes
Video Transcription
In the last video, we talked about disguising attacks and how attackers do that from the perspective of the victims and the perspective of the machines these devices get plugged into.
In this video, we'll be talking about reconnaissance and what questions attackers have to answer in order to make their attacks more targeted and successful.
Now, before we talk about reconnaissance, or recon for short, we really have to define what that is. That was a term that was borrowed from the military, and what it basically means is to go behind enemy lines into enemy territory and see what's going on there. What countermeasures do they have? What are their weaknesses?
Now, in terms of cybersecurity, that can be done physically or virtually.
Now, any good attacker will not only put a great deal of thought into the attacks they build, but also into actually reconning and deploying their devices.
And there really are several things an attacker will do during their reconnaissance phase.
Now, if an attacker does a poor job in this phase, it doesn't really matter how much effort they put into their actual attack if the victim doesn't take it or if the victim puts it in the wrong machine.
So they really have to figure out ways to increase the odds of making these attacks successful.
Now, planning can vary based on the attack, so it really can vary on, you know, the types of targets and other factors. So there's really not a completely logical order that recon happens in. It's really dependent on what the attacker wants to do. So planning may vary on certain types of attacks.
You know, there are several things an attacker has to answer during the reconnaissance phase to make their attacks more successful.
First, they really have to ask a lot of questions about the target. So who's gonna be my victim? Who's gonna be my target?
And if it's against a single individual, this is a very easy step. It's answered very quickly. But if, for example, the attack is gonna go after a large multinational corporation, this step can take a lot more legwork.
We'll have to ask the question: who's a victim that would be more likely to plug a device into the machine?
And does this victim have the machine with the information I need? Or, is this the machine I want to attack?
And that could be difficult to answer and requires a lot of work if you have a large corporation that you're going after.
They also have to ask questions about the target itself as well.
You know, attacks have to be really tailor-made, and an attacker really has to know, first of all, what's the operating system? Is it Windows, is it Mac, is it Linux? So the attacker has to answer that and really tailor their attack to that machine.
If the attack is going to use HID spoofing, they really have to know how fast the machine is. If the machine is really slow and they make a fast attack, well, that's really not gonna work. So they have to figure that out as well.
Also, they have to see how these machines are protected. Do they have any sort of antivirus, firewall, intrusion prevention system? That would be good to know, because maybe their attack would work on some antivirus programs; maybe it won't on others. So they really have to know that.
Another good question to answer: is there a security on-call, basically a dedicated team that looks for attacks? And this could be very important, because even if they circumvent some things, they have someone on call that knows to look for these attacks. It could be very tricky.
Another very important thing to ask is, where am I gonna leave these devices? Can you just leave them anywhere, or do they have to be in a very specific place?
That really goes back to the victim, like where the victims congregate. Can I put them where they congregate, or do I need to actually leave it on their desk? So it's very important to know a good place to put them.
Additionally, if the attacker wants to leave it, say, on their desk, they have to ask themselves: will this get me caught?
The last thing an attacker wants to do is get caught, especially with a device that has malicious files or code on it, because that could be very incriminating and actually get them thrown in jail. So it's very important that attackers do their legwork and recon before they actually deploy their attacks.