Time: 8 hours 28 minutes
Difficulty: Beginner
CEU/CPE: 10

Video Transcription

00:00
Hello and congratulations on the successful completion of the persistence module of the Application of the MITRE ATT&CK Framework discussions. So what should we know at this point? Well, we looked at accessibility features, and within that we discussed what that was,
00:20
common attack methods. We talked about sticky keys on RDP,
00:24
some mitigation techniques and some detection techniques. We then stepped into boot kits. We describe what those were, how they could be used and again looking at mitigation and detection techniques. We then went through browser extensions, talking about the
00:39
threat actors that took advantage of Google Chrome extensions to steal user information.
00:45
We looked at browser extensions as far as what that is defined as, and that it is not limited to just Google Chrome, but could be in any browser that allows for the installation of extensions. We then talked about component firmware and how it was different from system firmware, in that it involves the
01:03
firmware of components attached
01:04
to the system. Now, within this particular review, we noted that mitigation techniques are quite difficult, and training would need to be pretty particular, as far as forensic-level training, to potentially detect manipulation of this firmware and of these components.
01:23
We then got into account creation or create account as a persistent mechanism. This is where a threat actor again creates an account in order to pose as a legitimate user or something that would not maybe be out of place if we were viewing that. Typically,
01:40
threat actors create accounts to avoid
01:42
detection mechanisms and antivirus that may pick up malware and things of that nature that they would use to install backdoors, Trojans, anything of that nature.
01:53
And then we talked about hooking, which is essentially process hooking, and we looked at how that could be used, some mitigation techniques, and detection techniques as well. We then got into new service, where a threat actor creates a new service or injects themselves into a service
02:09
that could allow them to get system level privilege. We talked about mitigation and detection techniques here as well.
02:16
Now I hope you enjoyed the case study. I hope you found it to be of value, and I want to congratulate you again, and I look forward to seeing you again soon.

Up Next

Application of the MITRE ATT&CK Framework

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access ATT&CK vectors.

Instructed By

Robert Smith
Director of Security Services at Corsica
Instructor