Part 9 - Why Sites Get Hacked

Time: 4 hours 20 minutes
Difficulty: Intermediate
CEU/CPE: 5
Video Description

The final step in the Hacker Methodology is maintaining access after it has been achieved. This is one of the more difficult steps in the methodology as many red flags can potentially be raised, which can turn the tables and have the victim pursuing the attacker by directing pings at them! An important step in not being discovered is the deletion of any artifacts left behind such as:
- Scheduled services
- Files
- Any user accounts that were created
- Logs

Video Transcription
00:03
>> Our next step in the hacker methodology is maintaining access. Maintaining access is one of the more difficult parts of the hacker methodology. Why is it more difficult? Well, once you gain access, you need to pivot through the system. If you exploit something, you don't want to maintain that session. You want to move on to some other process on the machine because if you don't, you may crash the process that you exploited and got into, which will throw up a lot of red flags. If you exploit a process and you're sitting in that process and doing a lot of stuff, you may throw up a red flag by how much memory or processor that process is utilizing, because you may jump into something like calculator, calc.exe, some weird exploitable version of calc.exe that is communicating with the Internet for some reason. That's not going to use a whole lot of processor speed or memory. But as soon as you sit on that and you start doing internal scans or you start doing directory traversal or something like that, you're going to start eating up resources and that's going to be a big red flag.

If you do get access into a machine, you want to quickly move out of that process into a process that may utilize more resources, so you could look inconspicuous when performing your vulnerability test. If you are found and that process is killed or the machine is turned off, you're going to lose all your access. In order to best maintain access, scheduled services which will open the backdoor back up for you and communicate with the listener will need to be set up. This could be something like a netcat session that is set up and scheduled to open back up, or be set up as a startup process. This can be performed manually or through a script which will be run once you gain access. Preferably, design a script and run that script to maintain access because the quicker you set up that backdoor, the better.

Finally, you have to cover your tracks. This can be done by deleting scheduled services, deleting files that you may have created, deleting user accounts that may have been created, and then any logs or registry keys that may have been altered as well. Covering your tracks is very important because if you don't cover your tracks, then you're going to get pinned really, really quickly and they're going to know that you were there. If you're trying to perform a vulnerability assessment on a network and they are actively hunting for you and you want to see just how good your people are on that network, you're going to want to cover your tracks very well.

What was covered? Well, we talked about why websites are hacked, did a quick overview of the common Web app vulnerabilities and then we discussed the Hacker Methodology and some of the tools in it. Happy hacking everyone.