Time
8 hours 28 minutes
Difficulty
Beginner
CEU/CPE
10

Video Transcription

00:00
Hello and welcome to another Application of the MITRE ATT&CK Framework discussion. Today we're going to be looking at audio capture, so the objectives of today's discussion are pretty straightforward. We're going to describe what audio capture is, and it's a very short description.
00:17
We're gonna look at some mitigation techniques, detection techniques, and then we've got
00:21
a piece of malware or a tool that we're gonna fit in between these two areas.
00:26
Now, audio capture is essentially when a threat actor uses computer devices such as microphones or webcams, or applications such as VoIP or video calls, to capture audio recordings. And this is in the hopes that sensitive information can be collected. And so there's
00:45
nifty little webcam covers. And for those of us that are paranoid enough to unplug our microphones and things of that nature when they're not in use,
00:52
this is for you. Now,
00:55
there is one of many pieces of malware out there called Bandook, and so this is a commercially available RAT. It's written in Delphi, and it's got some different capabilities, and so it has the ability to capture audio. It can spawn a Windows command shell, has the ability to conduct keylogging, it can replace Internet Explorer
01:15
with a Bandook payload, and it can capture information from the victim's webcam. Now I've seen a number of other tool sets and things of that nature that you can use in a similar fashion. Typically, you're not one for one, where you have a piece of malware that is just for audio capture or video capture. They're typically multifaceted pieces.
01:34
Now,
01:38
something that you're going to see often as we get into the later portions of the framework, and what we're going to be looking at, is that there aren't a lot of mitigating factors. Now, there are things like network intrusion prevention that you can use to help kind of identify threat actor activities
01:57
and do things of that nature. But in some cases, due to the way that these vectors work,
02:02
it's not easy to detect the threat actor in the act of actually doing some of those things. And so for those areas, we're just going to indicate that end user awareness training to reduce the risk of infection is going to be one of our primary mitigating factors. If you don't get an infection, if you don't fall for the phishing email, if you don't try to download the
02:23
free version of software,
02:25
the chances are you can avoid a lot of risk that would eventually lead to these types of infections.
02:31
Now,
02:34
detection techniques. In this case, we're going to be looking for unusual processes accessing APIs associated with devices, or software that interacts with peripheral devices, like the Windows API and things of that nature. They're calling
02:46
for microphones or webcams, and we're not actually actively using those devices. And so there are some things that we can do to potentially detect
02:54
activity associated with listening in on these devices.
02:59
But again, that would likely have to be correlated with a broader set of data in order to validate whether or not we actually have a threat actor on the network. Now let's do a quick check on learning. True or false: audio capture is when the microphone on a system captures sound.
03:19
All right. Well, if you need some additional time, please pause the video. So in the instance of this statement, audio capture is when sound or system sound is captured with the microphone,
03:30
and so this is a true statement. You may have thought, okay, well, it is also when a webcam captures video and things of that nature. Yes, that is true as well. But in the context of this statement, audio capture is when the microphone on a system captures audio. That is a true statement as well.
03:50
So let's go ahead and pop over to the summary for today's discussion.
03:53
So we looked at audio capture again at a high level, just within MITRE. It's when we capture audio, webcam information, other application types of information
04:03
in the hopes of finding the secret sauce that will help us either make money or get a leg up. We also looked at Bandook in the middle again: remote access Trojan, multifaceted, got a few things that it could do, with audio capture and video being one of those things.
04:19
Again, mitigation techniques in this case are really going to be limited to
04:25
end user awareness training. And so really, being able to spot and identify the threat and raise the flag is going to be important here. And really, that's going to be what helps you to mitigate the risk of these threat actors being able to get to this point. And then we looked at detection techniques, really looking for unusual calls,
04:44
unusual activity that would be associated with webcams
04:47
and microphones.
04:48
So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon.

Application of the MITRE ATT&CK Framework

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access ATT&CK vectors.

Instructed By

Robert Smith
Director of Security Services at Corsica
Instructor