Our next step in the hacker methodology is maintaining access.
Maintaining access is one of more difficult parts of the hacker methodology.
Why is it more difficult? Well,
once you gain access,
you need to pivot through this system.
If you exploit something, you don't want to maintain that session. You want to move on to
some other process on the machine, because if you don't you may crash the process that you exploit it and got into which you throw up a lot of red flags.
exploit a process and you're sitting in that process and doing last stuff, you may throw up a red flag by how much that process is utilizing memory or processor
because you may jump into something like a calculator.
explicable version of Calcutta T X C that is communicating with the Internet for some reason. Now, that's not going to use a whole lot of processor speed or or or memory.
But as soon as you sit on that and you start doing internal scans or you start doing,
um, Directorate Reversal or something like that,
you're going to start eating up
resource is, and that's gonna be a big red flag. So if you do get access into a machine,
you want to quickly move out of that process and into a process that
may utilize more. Resource is so you could look inconspicuous when performing
If you are found in that process, is killed
or the machinist turn off, you're gonna lose all your access.
So, in order to best maintain access,
scheduled service is which will open the back door back up with for you and communicate with a listener.
We'll need to be set up.
something like a Net cat session that is
set up and scheduled to open back up or be set up as a start up
process, as could be performed annually or through a script. Which will they run once you gain access,
preferably running as a designer script and run that script to gain act? Ah, maintain access
because the quicker you set up that back door,
and then finally you have to cover your tracks.
This could be done by
deleting. Scheduled service is
deleting files that you may have created,
dealing user accounts that may have been created, and then any logs or registry keys that may have been altered as well.
Covering your tracks is very important because if you don't cover your tracks and
pained really, really quickly and they're gonna know that you were there. So if you're trying to perform
a vulnerability assessment on a network and they're actively hunting for you and you want to see just how good your people are on that network,
you're gonna want to cover your tracks very well.
So what was covered? Well, we talked about why websites are hacked. Do a quick overview of the comment about vulnerabilities. And then we discussed the hacker methodology and some of the tools in it
at the AC and everyone.