Hey guys, welcome to another episode of the SSCP Exam Prep series. I'm your host, Peter Simple. This is going to be the third lesson in the seventh domain.
So far in the seventh domain we've taken a look at the CIA triad and how it applies to malicious code. We've also taken a look at the different ways that malware tries to infect your system and network, and now, in this lesson, we'll take a look at different kinds of malicious web activity,
and we'll also take a deep dive into identifying and analyzing malware infections
and how to reduce the impact of any malware. Let's get started.
Web-based attacks are one of the most popular ways to spread malware in the wild. It's very important for an SSCP practitioner to be familiar with the different types of attacks and countermeasures when it comes to malware. The first is cross-site scripting,
which is simply a vulnerability that's found on a website
that allows the attacker to inject malicious code into an application.
Here's how it works:
An attacker injects code into a web server, where it resides on the web server.
After a while, a web client, a person browsing the Internet, will go and visit that website and then download information from the web server.
Well, once that connection happens, the script, or whatever the malicious code is that's sitting on the web server, then gets downloaded to the client, so it gets down to the person's computer.
From there, the attacker can access the person's computer with privilege.
Then there are zero-day exploits. This is an attack that exploits a previously unknown vulnerability. This is something being seen for the very first time, and so there are no patches, there are no remedies to fix this. Zero-day exploits are very dangerous,
and there are advanced persistent threats, APTs.
APTs use multiple phases to break in, avoid detection and collect information over a long period of time. They're very flexible and fluid with how they operate, so it's very difficult to find them, trace them and actually remove them.
The five phases of an APT are reconnaissance
There's also brute force, which is the act of trying every possible combination of a password until one is found.
Now there are a couple of different types of payloads. Remember, the payload is the main action that malware does. So when it executes, whatever that main action is, that is considered the payload. So there are backdoor Trojans. These are programs that share the primary functionality
of enabling a remote attacker to have access to a compromised
computer. So the purpose of a backdoor is
for an attacker to get back into a computer at a later date. Regardless of whether any
privileges or anything else have changed, or whether there might be some scanning going on on the computer, that backdoor will allow the attacker to still be able to get into that computer.
There's also man-in-the-middle malicious code, where an attacker gets in the middle of a conversation between two parties and tries to gain information.
What kind of countermeasures do we have? Well, one of the biggest countermeasures is third-party certifications. All right, you can use all the antivirus and anti-spam devices that you want, but you don't really know if they're any good or not unless a third party has independently verified
that these are good products to use.
The website for one of the most popular third-party certifications is av-test.org.
Another countermeasure is to look at the processes in the Windows Task Manager. You always want to look for new or unexpected processes. If you take a look at the processes, you can kind of figure out what they're associated with, or you will see program names so that you can associate the process with the application.
Now, if you look for anything new, or anything you don't recognize, then that might be a sign that there's something else going on on your computer.
Also, when looking at processes, you always want to take a look at explorer.exe. You want to make sure that process is there; that process should always be running. explorer.exe manages the GUI on your desktop, so it should always be running. So if you don't see it, that's a telltale sign
that something's wrong with your computer.
There's also the inspection of the Windows Registry. You can look at the registry keys. This is really just a database that stores operating system settings during startup.
Once you identify any files or anything like that, you might want to walk into the analysis of the malware: how it behaves and what it's trying to do.
In order to properly analyze malware, a dedicated test system should be in place that's meant for properly analyzing it. At the same time, there are certain things you can do without actually running the malware itself. You can do static file analysis. This is looking at file details
and characteristics to identify
and investigate code. You can also look at file properties, right? Most files are more or less the same size. So if you see any really large files for whatever reason, maybe with a weird timestamp that doesn't add up, that might be an indication
that this file might be trying to do something.
You can also hash certain files, and that will determine if they've been modified or not,
and you can also use a hex editor to look at the bits of a file to see any kind of information. Now, the hex editor just looks at the raw bits, and you can see that the hex gets transferred
to a readable format on the right, or a somewhat readable format, where you can kind of piece together information
about the bits.
Another way to look at the behavior of malware is through virtual environments. You can set up a virtual environment for the malware, run it like it's in a sandbox, and then you can kind of take a look and see what it does.
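As an added example (not part of the lecture), here is a small Python triage script that pulls together the static file checks just described: size and timestamp from the file properties, a SHA-256 hash compared against a known-good baseline to tell whether the file was modified, and a hex-editor style view with the readable column on the right. The sample bytes and the all-zero baseline hash are constructed for the demo and are not a real malware sample.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from typing import List, Optional

# Bytes shown as-is in the readable column (space through '~'); everything else becomes "."
PRINTABLE = set(range(0x20, 0x7F))

# Constructed sample "file": a PE-like header stub plus padding (not real malware).
SAMPLE = b"MZ\x90\x00" + b"This program cannot be run in DOS mode." + b"\x00" * 9

def sha256_hex(data: bytes) -> str:
    """SHA-256 of the raw bytes; compare it to a known-good baseline to detect changes."""
    return hashlib.sha256(data).hexdigest()

def hexdump(data: bytes, width: int = 16) -> List[str]:
    """Hex-editor view: offset, hex bytes, and the readable interpretation on the right."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        readable = "".join(chr(b) if b in PRINTABLE else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart}  |{readable}|")
    return lines

def triage(path: str, baseline_sha256: Optional[str] = None, head: int = 64) -> dict:
    """Static file properties from the lesson: size, timestamp, hash, and a hex view of the start."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        data = fh.read()
    digest = sha256_hex(data)
    return {
        "size": st.st_size,
        "mtime_utc": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc).isoformat(),
        "sha256": digest,
        # None when no baseline is known; True means the file differs from the known-good hash
        "modified": None if baseline_sha256 is None else digest != baseline_sha256.lower(),
        "hexdump": hexdump(data[:head]),
    }

def demo() -> dict:
    """Write the constructed sample to a temp file and triage it against a wrong baseline."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".bin") as tmp:
        tmp.write(SAMPLE)
        path = tmp.name
    try:
        # Hypothetical all-zero baseline hash so the modified check fires
        return triage(path, baseline_sha256="0" * 64)
    finally:
        os.remove(path)
```

Run `demo()` to see the dictionary for the constructed sample; point `triage()` at a real file and a baseline hash from a trusted source to use it on a test system.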
So once you have identified and analyzed the malware, we definitely want to get rid of it. Now there are two ways of implementing malware mitigation, and it's important that you do both.
The first is strategic. This is management and planning, right? You want to be prepared before you even get infected with malware. So this is management support, defense in depth and incident response teams. Now this is the planning aspect, and then the tactical is the actual action
that has been defined in the planning stage. In tactical, you have things such as hardening systems, backing up data
and using different security tools, such as intrusion detection systems.
In today's lecture, we discussed web-based attacks, malicious activity, countermeasures,
analysis of malware and malware mitigation.
In this attack, an attacker finds a web vulnerability and injects malware into a website, which gets downloaded onto the user's computer when they visit the website. Is it A) cross-site scripting, B) zero-day exploit,
C) advanced persistent threat, or D) brute force?
If you said A, cross-site scripting, then you are correct. Remember, the attacker injects the malware into the web server and then, once the user
visits that website, they download it onto their computer. And that's how the attacker has access to the person's computer.
Thanks for watching, guys. I hope you learned a lot in this lesson, and I'll see you next time.