Time: 1 hour 41 minutes
Difficulty: Beginner
CEU/CPE: 2

Video Transcription

00:01
Hey, guys, welcome back to the Cyber Kill Chain course. As always, this is Abdulrahman Alnaim, and today we're covering
00:09
actions on objectives.
00:12
Yeah.
00:12
Okay, so we've reached the end,
00:16
the goal of the attack.
00:18
Now that we've finished our successful reconnaissance, successful weaponization, successful delivery, successful
00:26
exploitation
00:28
and installation,
00:29
and then went through a
00:32
textbook example of command and control,
00:36
now the
00:39
attacker went through the environment. However, so far he did not get a single thing. Nothing.
00:47
The only thing that he can say now is that he was able to hack this or that company. But he does not even have proof of that.
00:56
So now he must do actions on objectives.
01:00
So
01:02
the actions on objectives:
01:03
in the actions on objectives phase, the attacker performs
01:08
the steps to achieve that goal. So basically, going through the six steps is to achieve the actions on objectives.
01:18
So now
01:19
the attacker is in the network. He has connectivity. Now he needs to get
01:26
basically the payment data, PII, login data, account information, any other sensitive information,
01:34
grab, um, the whole thing and hope people would pay for that.
01:40
That's actions on objectives.
01:42
This step, by the way, might take months,
01:47
because the attacker tries to be
01:51
as
01:53
quiet as possible. So he's trying to take a trillion steps without being detected.
02:00
He needs to be silent,
02:04
so that's why it takes a lot of time,
02:07
and during that time, he needs again communication, which is command and control.
02:12
So actions on objectives is kind of the goal.
02:15
Let's go back to our example.
02:17
I'm not sure if you guys noticed one thing when I displayed the picture.
02:23
There's one thing
02:24
that
02:25
actually
02:27
kind of caught my eye.
02:30
Basically, the machine
02:32
has
02:34
no
02:36
antivirus. Nothing.
02:38
It's not showing. The other thing: it's a laptop, which means it's portable. So basically, these are the kind of things that someone would look into. So because the laptop is portable, there's a lot of data stored on the laptop, because he needs to access it even when he's away from the office. So
02:58
let's go back to the
03:00
machine itself and
03:06
start with
03:09
going to the desktop,
03:10
because a lot of people would save some
03:14
data on
03:15
the
03:16
desktop. Okay, I need to type cd
03:22
users,
03:27
then that,
03:30
go to desktop,
03:32
and then we're going
03:35
to
03:37
look what kind of things
03:38
they have
03:40
on the desktop.
03:44
So this might seem interesting.
03:46
Obviously, in a real-life situation it would not be as easy as this. However, a file on the desktop is called Crown Jewels.txt.
03:57
And I know in reality this would never happen.
04:00
But why not?
04:04
So let's open the file and see what kind of information is in there,
04:12
and it,
04:14
okay, so
04:15
it's not really a
04:20
Linux machine, so I cannot
04:25
do that.
04:27
So, let's,
04:29
come on,
04:30
type Crown Jewels.txt.
04:45
Okay. So again, I'm sorry about that. I thought for some reason, when you use Linux,
04:50
less is one of the things that you
04:54
get used to. So I'm showing the Crown Jewels.txt and it says crown jewels. Obviously, this is just a capture-the-flag kind of situation where it was extremely obvious.
05:10
But there you go. You want to go through the,
05:14
oh, the attacker would go through the machine file by file until he reaches his,
05:20
his goal,
05:23
that he started this for. Again, don't forget that I still have all of these options that I can run. I can record the mic. Again, it's a laptop. If I record the mic when they're there and
05:35
they, ah, when they are in a meeting or something like that, I would be able to get more information than I hoped for.
05:45
And you can terminate processes. You can basically clear the event logs. Obviously, a lot of hackers would do that before they leave.
05:55
Ah,
05:57
and there's a lot of capabilities that you can use there. Don't forget that.
06:04
Okay,
06:05
so
06:08
we covered the final step of the Cyber Kill Chain. What is the main purpose of the actions on objectives
06:16
phase?
06:19
So, as I said, now the attacker takes
06:24
the action required to achieve that goal:
06:28
getting the data he wants, credit card information, payment data, PII, any other,
06:33
ah,
06:35
possibility. There's a limitless number of possibilities of objectives that a hacker might have. It might be just destructive, where he destroys the whole system, or, believe it, it can be a ransomware kind of thing, so it depends on the objective.
06:53
So we have a number of true or false questions here. The first one is: actions on objectives can be done quickly and shouldn't take too long.
07:02
That's actually not true. As I said, the attacker has to be as quiet as possible during actions on objectives because you don't want to be discovered. You want to take your time. Now that you're beyond any security system or any capabilities for them to discover you, you want to be as quiet as possible. Take your time.
07:23
Explore
07:24
everything that you can explore and then act on your objective.
07:30
Second, hackers use actions on objectives
07:34
to erase any logs and leave
07:38
and other content. That's usually the last phase: we're basically at actions on objectives, and then there is erase your logs and leave.
07:49
However, and this is actually, it's usually, ah,
07:54
not something that they pay attention to, erasing the logs, because it's kind of the actions on objectives. He got the goal regardless of whether they discovered him or not
08:03
after the fact.
08:05
He has,
08:07
he achieved his objective.
08:09
However, it's usually a good idea for an attacker to erase any logs before leaving the environment.
08:18
Finally, actions on objectives is the goal of the attack,
08:22
and that's actually true because,
08:26
well, we said the first six steps are for me to reach that goal, to reach basically the capability to get my objective out of the whole attack.
08:37
Okay, so today we covered actions on objectives.
08:41
We covered the full Cyber Kill Chain. We went through the reconnaissance,
08:48
weaponization, delivery,
08:52
exploitation, installation,
08:54
command and control,
08:56
and
08:56
we just covered actions on objectives.
09:01
And in the next video, we're going to use the Cyber Kill Chain to design
09:07
a defense-in-depth model for a corporation or a company.
09:13
Thank you so much, and I'll see you then.


Cybersecurity Kill Chain™

A practical take on Lockheed Martin Cyber Kill Chain™, The course simulates an example target attack following the 7 phases of the Cyber Kill Chain™.

Instructed By

Abdulrahman Alnaim
Security Operations Manager
Instructor