Time: 4 hours 20 minutes
Difficulty: Intermediate
CEU/CPE: 5

Video Description

The final step in the Hacker Methodology is maintaining access after it has been achieved. This is one of the more difficult steps in the methodology as many red flags can potentially be raised, which can turn the tables and have the victim pursuing the attacker by directing pings at them! An important step in not being discovered is the deletion of any artifacts left behind, such as:

- Scheduled services
- Files
- Any user accounts that were created
- Logs

Video Transcription

00:04
Our next step in the hacker methodology is maintaining access.
00:08
Maintaining access is one of the more difficult parts of the hacker methodology.
00:12
Why is it more difficult? Well,
00:15
once you gain access,
00:17
you need to pivot through this system.
00:20
If you exploit something, you don't want to maintain that session. You want to move on to
00:27
some other process on the machine, because if you don't you may crash the process that you exploited and got into, which will throw up a lot of red flags.
00:37
Also, if you
00:39
exploit a process and you're sitting in that process and doing a lot of stuff, you may throw up a red flag by how much that process is utilizing memory or processor
00:52
because you may jump into something like a calculator.
00:58
calc.exe,
00:59
um, some weird,
01:02
explicable version of calc.exe that is communicating with the Internet for some reason. Now, that's not going to use a whole lot of processor speed or memory.
01:14
But as soon as you sit on that and you start doing internal scans or you start doing,
01:19
um, directory traversal or something like that,
01:23
you're going to start eating up
01:25
resources, and that's gonna be a big red flag. So if you do get access into a machine,
01:30
you want to quickly move out of that process and into a process that
01:37
may utilize more resources so you could look inconspicuous when performing
01:42
your
01:44
vulnerability test.
01:46
If you are found and that process is killed
01:49
or the machine is turned off, you're gonna lose all your access.
01:52
So, in order to best maintain access,
01:55
scheduled services, which will open the back door back up for you and communicate with a listener,
02:00
will need to be set up.
02:02
This could be
02:05
something like a Netcat session that is
02:09
set up and scheduled to open back up or be set up as a start up
02:15
process. This could be performed manually or through a script, which will then run once you gain access,
02:23
preferably running as a designer script and run that script to gain, ah, maintain access
02:30
because the quicker you set up that back door,
02:35
the better,
02:36
and then finally you have to cover your tracks.
02:38
This could be done by
02:40
deleting scheduled services,
02:43
deleting files that you may have created,
02:46
um,
02:47
deleting user accounts that may have been created, and then any logs or registry keys that may have been altered as well.
02:55
Covering your tracks is very important because if you don't cover your tracks and
03:00
you're gonna get
03:02
pinged really, really quickly and they're gonna know that you were there. So if you're trying to perform
03:08
a vulnerability assessment on a network and they're actively hunting for you and you want to see just how good your people are on that network,
03:17
you're gonna want to cover your tracks very well.
03:20
So what was covered? Well, we talked about why websites are hacked, did a quick overview of the common web vulnerabilities, and then we discussed the hacker methodology and some of the tools in it.
03:30
at the AC and everyone.

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Raymond Evans
Instructor