Time
10 hours 19 minutes
Difficulty
Intermediate
CEU/CPE
12

Video Transcription

00:05
Privilege escalation. This is the next category of attack,
00:11
and what we're talking about here is the idea that once an attacker gets into the computer network, they have limited access, potentially based on whatever user they phished or whatever system they compromised.
00:25
Generally, an attacker is gonna want unlimited access to your network. How do they go about doing that? Well, they do that through privilege escalation attacks.
00:33
This could be through username and password cracking, could be through additional social engineering attacks, or maybe even exploiting trust relationships that you have on your network or with other partner organizations.
00:47
There's a great website out there, Exploit-DB.
00:51
This is maintained by the folks at Offensive Security; Offensive Security maintains that,
00:57
but it's a collection of
00:59
exploits. So if you were looking to do privilege escalation or something like that, there's a whole bunch of suggestions for what you can do on this site, and it's all publicly available information.
01:11
Why would somebody do privilege escalation? Well, they're looking to gain access to additional information. So once their first attack, once their initial attack is done, they usually have some subset of access, right? They've got access to certain systems. They've got access to certain information. What they really want to do is increase that.
01:30
And they do that through privilege escalation.
01:34
They're going to target any type of system or relationship that might have something of value.
01:41
Well, what is value? What's valuable to an attacker?
01:46
Well, it depends really on what their motivations are, right?
01:49
So it could be information. It could be simple access.
01:53
It really depends on what that attacker wants out of this attack. What are their objectives for this attack?
02:00
If their objectives are to get in and, ah,
02:05
maintain a presence so that when their employer comes up a year later and says, "Okay, crash that router, take that system out," they're not really concerned about pulling data out.
02:15
What they will do is go in and they'll sit there on the network and wait patiently until somebody tells them, "Okay, shut it down," and then they'll push the button.
02:23
A completely different objective here might be if they're going after intellectual property.
02:28
So they're trying to find your trade secrets and that sort of thing. Their motivations are: I've got to get this file and I don't care how I get it. I just need to get it.
02:37
So break down the door. They'll grab the file and run away,
02:39
and they'll do it very quickly.
02:43
It's not just an English language problem.
02:45
Um,
02:46
How would you actually go about doing privilege escalation? A couple examples for you:
02:52
Password cracking: the idea that you're trying to brute force the password or using a dictionary attack to crack out passwords.
03:04
Dictionary attacks: the idea that you have a word list
03:07
and you're trying every word that's in that list. Compute the hash of that, compare it to what you have, and see if the passwords match.
03:15
There are password dictionaries for every single language, very obscure ones, and even a Klingon language dictionary. So for all of you Trekkie fans who have passwords in Klingon,
03:25
I'm sorry, there's a dictionary to crack that out. So, you know, it was a Trekkie who came up with that word list.
03:34
Um,
03:36
Additional ways of doing privilege escalation here: trust relationships.
03:39
Who is the attacker going to go after in this scenario? Are they going to go after the company who has a really solid firewall, they do lots of defensive measures, they're a really strong, secure network? Or are they going to go after the partner of that organization, maybe a third party
03:59
or an outsource service provider
04:00
who doesn't know the first thing about security. Who do you think they're gonna go after?
04:05
Well, they're gonna go after the weaker of the two, right?
04:10
You don't have to have really good security, network security. You just have to have better security than the other guy, because that's who the attackers are gonna go after. They're gonna go after the weaker links.
04:20
So if you have relationships with external companies, understand that those relationships can be abused. We see this quite a bit within the corporate, the corporate sector, where you've got a company and they've got hundreds of service providers that provide
04:41
something to them.
04:42
Well, there's always network connections. There's always some type of data transfer that happens between,
04:47
you know, parent company and service provider. And sometimes those links aren't monitored or they aren't looked at or, you know, the parent company just said, "Here's one of our computer systems. Put it in your office, and when you need to connect to us..." It's like you've got an always-on live drop to our network.
05:04
Mitigating strategies here: you have to use strong and complex passwords. Anything that uses a password, again, Windows accounts, email accounts, even WiFi access points, you need to have strong, complex passwords on it,
05:18
and by strong and complex, we don't necessarily mean random characters. It's better to have a long, single word like a 16 character word that's in a dictionary, as opposed to a five or six character
05:34
random password, because it's very easy to crack out short passwords. But the longer it is, the harder it is for that attacker to actually compromise it.
05:46
So using a passphrase or not a single dictionary word, so like "I have the power" or something. I mean, you can use that as a passphrase, and that's actually pretty secure because it's a long number of characters.
06:00
Do network monitoring, so look for failed login attempts. This will tell you who's knocking at the door, who's trying to get in.
06:10
Take a look at the trusted paths. So if you have a trust relationship with an external provider,
06:16
make sure you monitor those.
06:18
The internal or intrusion detection systems, of course, you've gotta have that. You've gotta have antivirus, but you have to keep it updated.
06:26
Ah, and that will also go towards mitigating somebody doing further escalation
06:30
against you.
