00:04
Our next step in the hacker methodology is maintaining access.
00:08
Maintaining access is one of the more difficult parts of the hacker methodology.
00:12
Why is it more difficult? Well,
00:15
once you gain access,
00:17
you need to pivot through this system.
00:20
If you exploit something, you don't want to maintain that session. You want to move on to
00:27
some other process on the machine, because if you don't, you may crash the process that you exploited and got into, which will throw up a lot of red flags.
00:39
exploit a process and you're sitting in that process and doing lots of stuff, you may throw up a red flag by how much that process is utilizing memory or processor
00:52
because you may jump into something like a calculator.
01:02
exploitable version of calc.exe that is communicating with the Internet for some reason. Now, that's not going to use a whole lot of processor speed or memory.
01:14
But as soon as you sit on that and you start doing internal scans or you start doing,
01:19
um, directory traversal or something like that,
01:23
you're going to start eating up
01:25
resources, and that's gonna be a big red flag. So if you do get access into a machine,
01:30
you want to quickly move out of that process and into a process that
01:37
may utilize more resources so you could look inconspicuous when performing
01:46
If you are found and that process is killed
01:49
or the machine is turned off, you're gonna lose all your access.
01:52
So, in order to best maintain access,
01:55
scheduled services which will open the back door back up for you and communicate with a listener
02:00
will need to be set up.
02:05
something like a Netcat session that is
02:09
set up and scheduled to open back up or be set up as a startup
02:15
process. This could be performed manually or through a script, which will then run once you gain access,
02:23
preferably running as a designer script and run that script to gain acc... ah, maintain access
02:30
because the quicker you set up that back door,
02:36
and then finally you have to cover your tracks.
02:38
This could be done by
02:40
deleting scheduled services,
02:43
deleting files that you may have created,
02:47
deleting user accounts that may have been created, and then any logs or registry keys that may have been altered as well.
02:55
Covering your tracks is very important because if you don't cover your tracks and
03:02
pained really, really quickly and they're gonna know that you were there. So if you're trying to perform
03:08
a vulnerability assessment on a network and they're actively hunting for you and you want to see just how good your people are on that network,
03:17
you're gonna want to cover your tracks very well.
03:20
So what was covered? Well, we talked about why websites are hacked, did a quick overview of the common web vulnerabilities, and then we discussed the hacker methodology and some of the tools in it.
03:30
at the AC and everyone.