1
00:00:00,290 --> 00:00:05,200
Cybersecurity is an arms race between offensive and defensive capabilities.

2
00:00:05,370 --> 00:00:13,170
And unfortunately we are losing this battle. As users, we want better technology doing cool things, enabling

3
00:00:13,170 --> 00:00:14,290
us to do more.

4
00:00:14,460 --> 00:00:19,490
But the more we have, the more we rely on it, and the more complex the systems become.

5
00:00:19,500 --> 00:00:22,380
Complexity is the enemy of security.

6
00:00:22,380 --> 00:00:28,620
In fact, complexity is the nemesis of security, which is one of the main reasons why we are losing this

7
00:00:28,620 --> 00:00:29,870
arms race.

8
00:00:29,890 --> 00:00:36,720
I'm going to get you up to speed on security bugs and vulnerabilities and how they affect your security.

9
00:00:36,720 --> 00:00:41,280
A security bug and a vulnerability are actually the same thing, so they're synonyms for each other.

10
00:00:41,460 --> 00:00:47,310
So if I say security bug or vulnerability, it's the same thing, and it's an error, it's an error written

11
00:00:47,310 --> 00:00:54,600
into software that creates the potential for a threat agent or a hacker to exploit it.

12
00:00:54,600 --> 00:01:00,930
So an example might be the classic Heartbleed bug, which you may have heard about because it was on mainstream

13
00:01:00,930 --> 00:01:01,740
news.

14
00:01:01,840 --> 00:01:09,030
This was a bug in something called OpenSSL which enabled the decryption of Internet traffic sent to

15
00:01:09,030 --> 00:01:10,350
vulnerable sites.

16
00:01:10,350 --> 00:01:13,130
So for example, maybe you have an online bank.
17
00:01:13,130 --> 00:01:18,720
If it was susceptible to the Heartbleed bug, then when you were sending your username and password, somebody

18
00:01:18,810 --> 00:01:26,130
may, if the bug was in that bank, have been able to decrypt and get access to your username and password. Security

19
00:01:26,130 --> 00:01:34,530
bugs will always exist as long as humans write software. That might not be forever, but humans are fallible.

20
00:01:34,530 --> 00:01:40,200
So as long as humans write software there's going to be security bugs, and it's no surprise really if

21
00:01:40,200 --> 00:01:46,890
you consider something like the Windows operating system: it's made up of millions and millions of lines

22
00:01:46,890 --> 00:01:47,810
of code.

23
00:01:47,850 --> 00:01:49,260
Humans are fallible.

24
00:01:49,260 --> 00:01:50,510
We will make mistakes.

25
00:01:50,520 --> 00:01:57,100
There will be security bugs. On the left here you can see a diagram that represents your computer, and

26
00:01:57,110 --> 00:02:01,430
on the right we have a diagram that represents the Internet. On each side

27
00:02:01,440 --> 00:02:03,430
we have things that you care about.

28
00:02:05,040 --> 00:02:12,240
Security bugs can exist in your operating system, firmware, applications, things like Outlook, your media

29
00:02:12,240 --> 00:02:19,490
player, Adobe Acrobat, and, of particular risk, they can exist in your browser and the extensions and add-

30
00:02:19,490 --> 00:02:20,850
ons within the browser.

31
00:02:20,850 --> 00:02:26,880
So for example, there could be a security bug in your Internet Explorer. You visit a website which has

32
00:02:27,060 --> 00:02:28,370
special code on it.

33
00:02:28,470 --> 00:02:35,430
You won't see that this code is on there, and this will install malware on your machine and take you

34
00:02:35,490 --> 00:02:41,550
over through that vulnerability, and maybe the consequences are that they choose to encrypt all your

35
00:02:41,550 --> 00:02:43,910
files and hold them to ransom.
36
00:02:44,010 --> 00:02:46,130
And do you pay money to decrypt it?

37
00:02:46,130 --> 00:02:47,740
That's known as ransomware. Why?

38
00:02:47,910 --> 00:02:50,450
Because you have things you care about online.

39
00:02:50,460 --> 00:02:58,020
We have to consider the security bugs that exist on Internet sites and on the Internet infrastructure.

40
00:02:58,260 --> 00:03:05,790
So maybe you use Dropbox, and there's a bug that was discovered by Dr. Evil on Dropbox which gives him

41
00:03:05,850 --> 00:03:14,160
access to your files, and because Dropbox stores the encryption keys, encryption isn't going to save you.

42
00:03:14,220 --> 00:03:17,030
He will then have access to your files.

43
00:03:17,040 --> 00:03:23,420
There are two main types of bugs, really, that it's best to draw a distinction between.

44
00:03:23,520 --> 00:03:26,710
And those are the known and unknown bugs.

45
00:03:27,030 --> 00:03:32,340
So we start with the known bugs. Known bugs or vulnerabilities have patches.

46
00:03:32,460 --> 00:03:39,310
And if you patch your system you are safe against that bug, and we will cover the best and easiest way

47
00:03:39,310 --> 00:03:44,170
to do patching of all the things that need patching as we go through.

48
00:03:44,310 --> 00:03:49,920
And then you have the unknown bugs, also referred to as zero days.

49
00:03:49,920 --> 00:03:52,390
These are much harder to protect against.

50
00:03:52,410 --> 00:03:54,120
There is no patch.

51
00:03:54,330 --> 00:03:58,460
So we'll cover a lot of techniques to protect against these.

52
00:03:58,680 --> 00:04:03,370
And these are referred to in the security industry as compensating controls.

53
00:04:03,390 --> 00:04:11,570
I'm going to bring up a spreadsheet to give you a little bit more of an insight into the world of

54
00:04:11,570 --> 00:04:12,970
the cyber criminal.

55
00:04:13,130 --> 00:04:18,550
Your budding entrepreneur hacker doesn't even need to be particularly skilled these days.
56
00:04:18,590 --> 00:04:22,490
He can go and purchase a ready-made exploit kit.

57
00:04:22,700 --> 00:04:30,620
If you look at the spreadsheet here, along the top these are the various popular exploit kits that are

58
00:04:30,620 --> 00:04:41,620
available to purchase at the moment, and down here the various vulnerabilities and what they affect.

59
00:04:41,760 --> 00:04:51,020
And as a budding hacking entrepreneur we can look through here and see which particular vulnerability

60
00:04:51,270 --> 00:04:52,820
we might want to use.

61
00:04:52,830 --> 00:04:56,400
OK, we might want to exploit Internet Explorer.

62
00:04:56,400 --> 00:05:00,330
So there we go, we can use this one.

63
00:05:00,460 --> 00:05:07,990
And here we can see this one allows the remote attacker to execute arbitrary code via a crafted website

64
00:05:08,070 --> 00:05:16,770
that triggers access to a deleted object. That really means that if you click on a link or go anywhere

65
00:05:17,070 --> 00:05:22,530
with an Internet Explorer browser susceptible to this vulnerability, they can take over your machine.

66
00:05:23,070 --> 00:05:27,210
As of 2018 the use of exploit kits is in decline,

67
00:05:27,330 --> 00:05:33,930
the attackers favoring alternative means of infection like social engineering, because of how social

68
00:05:33,930 --> 00:05:35,600
engineering attacks work.

69
00:05:35,610 --> 00:05:42,180
Still, there is significant activity in the exploit domain, though. Exploit kits are evolving over

70
00:05:42,180 --> 00:05:45,980
time as they adopt new technologies to avoid detection.

71
00:05:45,990 --> 00:05:53,100
A good resource if you're interested in learning more about the latest exploit kits is the exploit kit

72
00:05:53,220 --> 00:05:55,970
landscape map, which you can see.

73
00:05:55,960 --> 00:06:03,560
The application here in front of you is an attempt to organize current active campaigns involving exploit

74
00:06:03,560 --> 00:06:03,970
kits.
75
00:06:04,020 --> 00:06:09,670
You go to that URL there; you'll need an application, but you can then download it,

76
00:06:09,680 --> 00:06:15,320
the landscape map, and find out more about the current active campaigns.

77
00:06:15,890 --> 00:06:21,830
If a hacker doesn't want to buy or rent an exploit kit, you can always just go out and find the exploit

78
00:06:21,830 --> 00:06:22,990
code itself.

79
00:06:23,090 --> 00:06:29,930
An interesting practical exercise for you to try is to have a look at this exploit database, which you can

80
00:06:30,080 --> 00:06:32,100
find at the URL here.

81
00:06:32,420 --> 00:06:38,550
Or if you don't want to use URLs, you can use searchsploit, which is a tool that comes with Kali.

82
00:06:38,930 --> 00:06:44,090
We'll cover Kali later, but for now you can just check out the URL and use the URL now.

83
00:06:44,180 --> 00:06:50,000
So why not have a look to see if there are available exploits for common applications that you use or

84
00:06:50,000 --> 00:06:51,640
the operating system that you use.

85
00:06:51,800 --> 00:06:57,650
So let me give you an example. So let's do a search for Office, see what we find.

86
00:06:57,660 --> 00:07:00,890
Go do the "I'm not a robot" captcha thing as well.

87
00:07:02,730 --> 00:07:08,750
And here we are, we can see results for obviously both Microsoft Office and LibreOffice in there.

88
00:07:08,910 --> 00:07:15,500
So here we are, we've got a rather recent vulnerability for Microsoft Office there.

89
00:07:15,630 --> 00:07:18,520
We can see that the exploit is downloadable.

90
00:07:18,540 --> 00:07:25,040
That's in a Ruby script, .rb, which generally means it's part of Metasploit. Being part of Metasploit,

91
00:07:25,040 --> 00:07:30,810
it means you can use the Metasploit framework to exploit the vulnerability more easily.

92
00:07:30,950 --> 00:07:36,240
And if we click here we can see a little bit more of the actual exploit itself.
93
00:07:36,490 --> 00:07:43,050
So a hacker could email someone a Word document, or a document that Word processes, and then

94
00:07:43,050 --> 00:07:50,280
with that, if the vulnerability allows it, take over that person's machine if they're not patched.

95
00:07:50,280 --> 00:07:53,260
Another example: let's have a look for WordPress,

96
00:08:01,430 --> 00:08:04,720
and we can obviously specify versions in here.

97
00:08:04,720 --> 00:08:10,600
So if you want to access a WordPress web server, if it's not patched you'll be able to find vulnerabilities

98
00:08:10,640 --> 00:08:20,300
in here. And maybe let's have a look for Apache Struts. An Apache Struts exploit was used in the Equifax

99
00:08:20,300 --> 00:08:24,450
hack, which exposed 140 plus million personal records.

100
00:08:24,590 --> 00:08:29,760
And in here you'll find the exploit code that actually did the exploiting of Equifax.

101
00:08:30,020 --> 00:08:37,430
Now these exploits are for known security bugs and vulnerabilities. Most if not all of these vulnerabilities

102
00:08:37,760 --> 00:08:40,190
will have patches available for them.

103
00:08:40,250 --> 00:08:46,790
But many devices won't be patched even though there is a patch available. This is the nature of the Internet,

104
00:08:47,240 --> 00:08:54,560
which is why these exploits are still useful to hackers. Vulnerabilities that have exploits publicly

105
00:08:54,560 --> 00:09:00,670
available, like these that we can see here, are a big risk to anyone who's not actually patched against them.

106
00:09:01,810 --> 00:09:03,610
Let's have a look at this chart here.

107
00:09:03,610 --> 00:09:06,830
Vulnerabilities are assigned CVE numbers.

108
00:09:06,880 --> 00:09:12,250
These are the current top exploited vulnerabilities, as an example, for Windows.

109
00:09:12,280 --> 00:09:19,270
So as you can see, ones as old as 2010 are still not getting patched and therefore are being exploited by

110
00:09:19,270 --> 00:09:22,290
hackers and within exploit kits.
111
00:09:22,370 --> 00:09:28,090
So that gives you a better idea about what security bugs and vulnerabilities are, and later on we're

112
00:09:28,090 --> 00:09:33,800
going to be going through the ways to mitigate against the known vulnerabilities and the unknown vulnerabilities.