Hey, guys, Welcome to another episode of the SS CP exam Prep Siri's I'm your host, Peter Simple in this is going to be the first lesson off the seventh domain and it's all about application security.
In this lesson. We will take a look at the C I A Triad. We took a look at this all the way back in the first of May be Run. Take a look at it again and see how every form off this tryout, every element, the confidentiality, integrity and availability of cybersecurity
applies the Mount Cud.
One of the most important activities that an S S C T practitioner does on a daily basis is to identify and analyze malicious code.
Remember this triangle this confidentiality, integrity and availability triangle, which represents the pillar of all cyber security?
if you didn't know it already, malware poses a direct threat to this triangle.
Malware applies to every single aspect off this triangle. So with confidentiality, if Matt where in fact, a computer and it can give an attacker access to sensitive information and it would be a breach of confidentiality
if malware affects a computer and payload dropped which disrupts systems. That kid's a breach of integrity.
And if malware denies other people access to computer or computer resource is, then that is a breach of bail bill.
Now, unfortunately, when it comes to nap malware, there are no international naming conventions. Everyone seems that kind of
do their own thing when it comes to map. Where now some some pieces of malware or malicious software are you have the same name and used by everyone. Those were the most famous once, whereas with most pieces, it could be named after
after the person who discovered it, or whatever the
researcher was drinking that night when they discovered it. Or, you know, the corporations might have their own conventional naming system
there's no. Unfortunately, there's no riel naming standard. There is Caro, which is the computer anti virus research organization, so this was established to help organize and classify malicious code. But not everybody uses this. This is loose, loosely used at best, So
the way I can row divides
off the classification is they want to set it up by platform, so that would be doesn't run on Windows. Lennox. Mac, I want to go to toilet, visit a worm virus Trojan, and they want to give it a family name of variant with the modifier and sometimes a saw fix, which is the
So, for example, you have this worm that was discovered in the wild this w 32 while it back
And it kind of follows the car. A naming standards right to the platform is W 32 so that means it impacts all Windows 32 bit operating systems. This is things like Windows 95 98 Windows 2000 and X P and Fist.
I did say it's a worm. It's not listed here, but the type is a worm. The family name is Walter. That
and the variant is D. So if this would be the fourth
burying in this particular family, the way variants are named there named a B. C. D. It's so want to see. And then if there's another one after see it goes back up to the top and it goes a a B A C, and so one.
So in order to talk about now we're properly we need to know different types of malware and a lot of terminology associated with malware. So the first inspector. So this is how the transmission of malware happens? The right does. It is the vector. Email doesn't come through. Email is the,
you know, the factor coming through the network or something like that. How how does the now where
the payload? This is the primary action off the malicious code. This is This is what the main job of the piece of malware is. What spooks to do.
A virus is malicious software that infects a host file in order to spread. People seem to consider a virus to cu cover all types of malware, but it's actually not the case. The virus is very specific, Tun Myat, where you have a logic bomb, which is simply not where that executes
when certain conditions are met.
So if there's a piece of malware that scheduled to execute on, you know, one day at 9 a.m. Now when Monday at 9 a.m. Happens then boom. The execution takes place and then you have a worm, which is malware that clones itself in order to spread.
You have true Asians This is the mount where that pretends it's something that it's not some more to the Trojan horse off the Greeks,
you have a dropper, which is really just the file, which installs malicious code on a computer.
A key logger is a clump of Trojan has used to capture data that has been keyed in on the system. From there, the day that can be sent back to an attacker through email or another way, you have a body which is really short for robots, and this is malicious code that is, um,
being manipulated and controlled
by an attacker. Bots are also noon, sometimes as drones or zombies.
You had a file in factor.
These just viruses that infect files.
You have macro viruses, which really are focused on Microsoft Office products. These thieves Macron's were usually constructed out of the like Phoebe es and could be used to execute different things. And then you have the boot sector virus,
which is a virus which spreads itself by copying to the master boot record, which is the unalterable part of starting up a computer for the first time.
Matt, where it's considered your root kit, is simply malware, which maintains and is always seeking to have Maur elevated privileges on a computer. They accomplish this by being stealthy.
Um, if a room, if you don't over kids on your computer than the root kit is doing its job, there's really four types off Windows brood kits. There is the persistent mood this activates every time the system starts.
There's the memory based, which doesn't have any persistent code but resides more or less and ram. So when you shut down your computer, or if you restart it, then, uh, this one will go away.
You have user mood, which will manipulate system calls the applications make on a computer. And then you have Colonel Mood Room kids, which are the hardest ones
to fight against. And they're more powerful than any type of user mode. Rude kid, because
if it gets into the Colonel, which is the, you know, small part of the operating system, that it has the same privileges that is as an admin and can do all types of things. So in order to combat root kits, they're our scanners. Scanners work to detect and remove malicious types of
code at his couple different kinds
of scanners. The first, um, is considered to be the first generation off scanner, so this is known as just a simple scanner so that these scanners require a malware signature. Thio identify the type of malware. But remember, the signature is just a string
of characters or some cud that
is associated with the mouth where the second generation is a little bit better. It's a heuristic scanner,
so three juristic scanners look for little bits of code fragments. Thio
Look for malware if it sees some kook that's usually associate ID with malware than it will make an attempt to block it.
The third generation is activity traps now. Activity traps focus on what is being done like so it focuses on actions that are usually associate ID with mount where
and finally the fourth generation is considered to be a full featured protection scanner. Thes air really packages consisting of a variety of anti virus techniques that are used together
on the end. These types of techniques are usually things such as like scanning activity, traffic components and more or less combined the three generations of scanners before into one
so inward to combat malware Besides just scanning for it, you can have code signing. So this confirms the authenticity off software through the use of digital signatures. Um, remember And when? So when you're downloading kun, you want to make sure
that the application you're installing or downloading
is the one that's actually coming from the company, and it has not been modified in any way. This can be done through digital signature. So the digital signature,
um, you you can get before this offer gets installed. And then you compare that with the digital signature off the software and if they're the same that you know that the software has not been altered in any way.
There's also saying boxing this is an isolated environment where suspicious code could be tested to see how it will react. So if you get a file in an email and you're not sure if it's malicious or not, or if you're not sure if there's anything we're with the father, you can send it to the sandbox,
and then when you're in the sandbox, you can open the file on dhe, see if anything happened.
It also static code analysis. This is coup that is looked at manually by humans to find security errors, which won't get picked up. Uh, when when the code gets compiled,
it looks for things such as like no pointer references. Any type of buffering overflow things like that.
In today's lecture, we discussed applications with malware
This code executes when certain conditions are met. Is it a virus?
See more or d trojan
If you said be a logic bomb that you are correct. Remember, logic bombs only execute when certain conditions are met, usually such as dating time.
Thanks for watching guys. I hope you learned a lot in this video, and I'll see you next time.