00:03
>> Our next step in the hacker methodology is maintaining access. Maintaining access is one of the more difficult parts of the hacker methodology. Why is it more difficult? Well, once you gain access, you need to pivot through the system. If you exploit something, you don't want to maintain that session. You want to move on to some other process on the machine, because if you don't, you may crash the process that you exploited and got into, which will throw up a lot of red flags.

If you exploit a process and you're sitting in that process and doing a lot of stuff, you may throw up a red flag by how much that process is utilizing, memory or processor, because you may jump into something like calculator, some weird exploitable version of calc.exe that is communicating with the Internet for some reason. That's not going to use a whole lot of processor speed or memory. But as soon as you sit on that and you start doing internal scans or you start doing directory traversal or something like that, you're going to start eating up resources, and that's going to be a big red flag.

If you do get access into a machine, you want to quickly move out of that process into a process that may utilize more resources, so you could look inconspicuous when performing your vulnerability test. If you are found and that process is killed or the machine is turned off, you're going to lose all your access. In order to best maintain access, scheduled services which will open the backdoor back up for you and communicate with the listener will need to be set up. That could be something like a netcat session that is set up and scheduled to open back up, or be set up as a startup process, as can be performed manually or through a script which will be run once you gain access. Preferably, design a script and run that script to maintain access, because the quicker you set up that backdoor, the better.

Finally, you have to cover your tracks. This can be done by deleting scheduled services, deleting files that you may have created, deleting user accounts that may have been created, and then any logs or registry keys that may have been altered as well. Covering your tracks is very important because if you don't cover your tracks, then you're going to get pinned really, really quickly and they're going to know that you were there. If you're trying to perform a vulnerability assessment on a network and they are actively hunting for you and you want to see just how good your people are on that network, you're going to want to cover your tracks very well.

What was covered? Well, we talked about why websites are hacked, did a quick overview of the common Web app vulnerabilities, and then we discussed the Hacker Methodology and some of the tools in it.

[NOISE] Happy hacking everyone.