WEBVTT 1 00:00:00.080 --> 00:00:02.399 Welcome to the deep dive, where today we're going to 2 00:00:02.439 --> 00:00:06.240 be stepping into the shoes of cybersecurity's finest well and 3 00:00:06.280 --> 00:00:08.560 maybe not so fine. As we're talking Red teams and 4 00:00:08.640 --> 00:00:11.960 Blue teams today. You've provided us with their operator handbook. 5 00:00:12.080 --> 00:00:15.599 It's like getting a backstage pass to a digital battlefield. 6 00:00:15.720 --> 00:00:19.239 It's a fascinating document, it really is. Yeah, it's like 7 00:00:19.280 --> 00:00:22.480 a playbook for this high stakes game of digital chess. 8 00:00:22.640 --> 00:00:26.120 You get to see the strategies, the tools that both 9 00:00:26.160 --> 00:00:27.600 sides use really rare. 10 00:00:27.800 --> 00:00:31.719 Yeah, and the scope is incredible. Cloud security, social media investigations, 11 00:00:31.760 --> 00:00:36.039 reverse image searching. Cybersecurity isn't just about you know, firewalls 12 00:00:36.039 --> 00:00:37.000 and code anymore. 13 00:00:37.119 --> 00:00:37.679 No, not at all. 14 00:00:37.719 --> 00:00:41.119 It's all about information now, where it's stored, how it's used, 15 00:00:41.479 --> 00:00:43.880 and most importantly, how it can be exploited. And this 16 00:00:43.960 --> 00:00:46.799 handbook gets that. I mean, it covers securing a cloud 17 00:00:46.799 --> 00:00:49.640 server all the way to the potential dangers of you know, 18 00:00:49.840 --> 00:00:50.719 just sending a tweet. 19 00:00:50.920 --> 00:00:53.359 So let's break down this whole Red team versus Blue 20 00:00:53.359 --> 00:00:56.600 team thing a little more for our listener, Like, who 21 00:00:56.679 --> 00:00:57.399 are these guys? 22 00:00:57.799 --> 00:01:01.159 Okay, so imagine this the Red team. They're on offense. 23 00:01:01.719 --> 00:01:05.480 They are constantly probing for weaknesses. They're actively trying to 24 00:01:05.560 --> 00:01:09.239 breach systems, just like a real attacker would, but their 25 00:01:09.280 --> 00:01:12.599 goal is to find and fix those vulnerabilities before the 26 00:01:12.640 --> 00:01:14.000 bad guys can exploit them. 27 00:01:14.239 --> 00:01:17.040 So they're like, uh, ethical hackers. 28 00:01:16.760 --> 00:01:19.799 Yeah, causing a little good trouble, making the digital world 29 00:01:19.920 --> 00:01:20.719 a safer place. 30 00:01:20.840 --> 00:01:23.319 Love it. And the Blue Team that's our defense. 31 00:01:23.480 --> 00:01:26.840 Yeah, the defenders, they're like the cybersecurity equivalent of like 32 00:01:26.920 --> 00:01:31.159 a really well coordinated security team, right, constantly monitoring for threats, 33 00:01:31.200 --> 00:01:35.319 reinforcing defenses, doing everything they can to protect their organization's data. 34 00:01:35.480 --> 00:01:37.959 Sounds like a constant back and forth, Yeah, an arms 35 00:01:38.000 --> 00:01:40.359 race of innovation, both sides trying to out maneuver each 36 00:01:40.359 --> 00:01:41.239 other exactly. 37 00:01:41.640 --> 00:01:44.680 And that's where the tools outlined in this handbook coming 38 00:01:44.719 --> 00:01:47.200 too play. Think of it as like peeking into the 39 00:01:47.239 --> 00:01:50.000 specialized toolboxes of both sides. You get to see the 40 00:01:50.200 --> 00:01:53.680 ingenuity employed in this constant tug of war. 41 00:01:53.879 --> 00:01:57.920 Okay, so let's talk more action. Let's dive into these tools, 42 00:01:58.280 --> 00:02:01.239 starting with the Blue Team using to fight off these 43 00:02:01.239 --> 00:02:02.920 attacks and keep our data safe. 44 00:02:03.000 --> 00:02:05.840 Well, one critical tool is splunk, and they use that 45 00:02:05.959 --> 00:02:09.680 to analyze what we call machine generated data, So imagine 46 00:02:09.719 --> 00:02:12.280 trying to search for a needle in a digital haystack. 47 00:02:13.000 --> 00:02:17.080 Splunk is what helps Blue teams detect anomalies, investigate any incidents, 48 00:02:17.360 --> 00:02:19.879 and get a clear picture of what's happening across their 49 00:02:20.039 --> 00:02:20.919 entire network. 50 00:02:21.199 --> 00:02:24.680 So Sklunk is the Blue team's magnifying glass, helping them 51 00:02:24.719 --> 00:02:27.719 spot those subtle clues that might indicate a breach. 52 00:02:28.159 --> 00:02:30.080 That's a great way to put it. Yeah, and then 53 00:02:30.120 --> 00:02:33.439 you've got Oscary. Now, Oscary is like having X ray 54 00:02:33.520 --> 00:02:36.960 vision into an operating system. Blue teams they can treat 55 00:02:37.000 --> 00:02:39.960 the entire system like a searchable database, query it for 56 00:02:40.039 --> 00:02:41.879 any signs of suspicious activity. 57 00:02:42.199 --> 00:02:44.879 So if Splunk is the magnifying glass, then Oscary is 58 00:02:44.919 --> 00:02:48.080 the X ray machine revealing what's hidden beneath the surface. 59 00:02:48.120 --> 00:02:50.840 What else well, they use ra as well, and a 60 00:02:51.000 --> 00:02:56.080 URE helps identify malware based on specific patterns and characteristics. 61 00:02:56.159 --> 00:02:58.439 You can think of it like a digital fingerprint database 62 00:02:58.479 --> 00:03:02.319 for malicious software. With y R, blue teams can quickly 63 00:03:02.360 --> 00:03:05.280 identify and then neutralize these threats before they can cause 64 00:03:05.319 --> 00:03:06.240 too much damage. 65 00:03:06.360 --> 00:03:08.759 So the Blue team sounds like they've got an entire 66 00:03:08.919 --> 00:03:11.919 arsenal at their disposal. But what about the Red Team. 67 00:03:12.159 --> 00:03:15.719 What are they packing in their arsenal to test those defenses. 68 00:03:15.800 --> 00:03:18.479 Well, one tool that they use is called Responder and 69 00:03:18.560 --> 00:03:23.039 Responder it exploits vulnerabilities in how computers actually communicate on 70 00:03:23.080 --> 00:03:25.000 a network. So let's say you're an employee and you're 71 00:03:25.000 --> 00:03:28.479 trying to log into your company's server. Responder can actually 72 00:03:28.479 --> 00:03:31.800 intercept that communication, right, and then it tricks your computer 73 00:03:31.879 --> 00:03:34.520 into sending your login credentials to the attacker. 74 00:03:34.639 --> 00:03:38.120 So it's like a digital con artist tricking unsuspecting victims 75 00:03:38.199 --> 00:03:40.039 into giving up sensitive information. 76 00:03:40.319 --> 00:03:44.000 Yeah, precisely. And then there's mimicats, and mimicats is often 77 00:03:44.080 --> 00:03:47.560 used after a system has already been compromised. What it 78 00:03:47.599 --> 00:03:52.080 does is it extracts plaintext, passwords, any sensitive information. Really 79 00:03:52.479 --> 00:03:55.840 that potentially gives attackers access to know even more critical 80 00:03:55.879 --> 00:03:57.800 systems and of course data. 81 00:03:57.840 --> 00:03:59.919 So if Responder gets the Red Team through the door, 82 00:04:00.639 --> 00:04:02.719 mimic ads helps them empty the safe. 83 00:04:02.960 --> 00:04:05.479 That's a great analogy. And then of course we can't 84 00:04:05.479 --> 00:04:08.280 forget about the infamous metasploit framework. 85 00:04:08.599 --> 00:04:09.599 This powerful tool. 86 00:04:09.639 --> 00:04:12.639 It's like a Swiss army knife for penetration testers. It's 87 00:04:12.680 --> 00:04:16.439 this collection of exploits, payloads and tools that all simulate 88 00:04:16.839 --> 00:04:18.399 these real world attacks. 89 00:04:18.519 --> 00:04:22.319 This handbook isn't shying away from like the more potent 90 00:04:22.360 --> 00:04:23.720 aspects of cybersecurity. 91 00:04:23.839 --> 00:04:25.680 No, it doesn't, And I think that's why it's such 92 00:04:25.720 --> 00:04:29.040 a valuable resource, because you really get a look into 93 00:04:29.079 --> 00:04:31.959 that cat and mouse game that is cybersecurity today. 94 00:04:32.199 --> 00:04:34.399 Now you've got me curious about these tools. Yeah, like 95 00:04:34.519 --> 00:04:37.560 in the real world. For instance, you mentioned Responder and 96 00:04:37.600 --> 00:04:40.639 its ability to capture credentials. What would that look like 97 00:04:40.839 --> 00:04:42.199 in a real world scenario? 98 00:04:42.399 --> 00:04:44.879 Okay, so imagine a red team they set up a 99 00:04:44.959 --> 00:04:47.639 rogue access point in a busy coffee shop, you know, 100 00:04:47.680 --> 00:04:49.920 one that a lot of employees of a target company use. 101 00:04:50.160 --> 00:04:52.959 This access point might have a very legitimate sounding name 102 00:04:53.079 --> 00:04:55.920 like I don't know, free WiFi, but when someone connects 103 00:04:55.959 --> 00:04:58.279 to it, Responder can then be used to capture their 104 00:04:58.360 --> 00:05:01.160 log in credentials as they try to act company resources, 105 00:05:01.639 --> 00:05:05.160 and suddenly the red team has that foothold within the 106 00:05:05.199 --> 00:05:06.040 company's network. 107 00:05:06.160 --> 00:05:08.959 It's a good reminder that cybersecurity isn't just about you know, 108 00:05:09.000 --> 00:05:12.360 having strong firewalls and these complex passwords. It's also about 109 00:05:12.399 --> 00:05:16.240 being aware of our surroundings, right, understanding how even something 110 00:05:16.279 --> 00:05:19.160 as simple as connecting to public Wi Fi can have 111 00:05:19.240 --> 00:05:21.079 real security implications one. 112 00:05:21.000 --> 00:05:23.480 Hundred percent, and it also highlights how important the blue 113 00:05:23.519 --> 00:05:26.879 team is not only securing the network, but also educating 114 00:05:26.920 --> 00:05:30.399 employees about potential threats and how to mitigate those risks. 115 00:05:30.560 --> 00:05:34.319 So it's this constant dance between offense and defense technology 116 00:05:34.680 --> 00:05:39.759 and human behavior which brings us to OSENT, Open Source intelligence. 117 00:05:39.279 --> 00:05:39.920 Right and OSIN. 118 00:05:40.000 --> 00:05:43.839 It's all about gathering information from sources that are publicly available. 119 00:05:43.879 --> 00:05:48.240 I'm talking social media, search engines, public records, company websites, heck, 120 00:05:48.319 --> 00:05:51.600 even just job postings. What's so fascinating about it is 121 00:05:52.199 --> 00:05:56.079 both red teams and blue teams they leverage this information, 122 00:05:56.279 --> 00:05:59.800 you know, this freely available information, all for their own purposes. 123 00:06:00.120 --> 00:06:02.439 So we're talking about information that many of us encounter 124 00:06:02.519 --> 00:06:05.240 every single day. It's a little unsettling, it can be. 125 00:06:05.519 --> 00:06:08.160 So for instance, a blue team might use OSENT to 126 00:06:08.279 --> 00:06:11.639 monitor for any data leaks or phishing campaigns that target 127 00:06:11.680 --> 00:06:15.720 their organization right get ahead of a potential crisis. But conversely, 128 00:06:16.120 --> 00:06:18.439 a Red team might use the exact same techniques to 129 00:06:18.480 --> 00:06:22.680 profile their targets. They could identify potential vulnerabilities or craft 130 00:06:23.160 --> 00:06:26.360 very targeted phishing attacks. It all comes down to how 131 00:06:26.360 --> 00:06:29.000 this publicly available information is pieced together. 132 00:06:29.399 --> 00:06:32.160 That's incredible. It's like becoming a digital detective. You know, 133 00:06:32.199 --> 00:06:37.560 you're piecing together clues from this vast ocean of information online. 134 00:06:37.040 --> 00:06:40.160 Precisely, and it really underscores the fact that everything we 135 00:06:40.240 --> 00:06:43.800 share online, no matter how insignificant it may seem, contributes 136 00:06:43.839 --> 00:06:45.000 to our digital footprint. 137 00:06:45.160 --> 00:06:47.040 Both the good guys and the bad guys can use. 138 00:06:47.079 --> 00:06:49.680 It makes it more important than ever to be mindful 139 00:06:49.759 --> 00:06:50.839 of our online presence. 140 00:06:51.000 --> 00:06:53.800 This handbook is really making me rethink like my entire 141 00:06:53.879 --> 00:06:57.399 approach to online security. It's not just about having strong 142 00:06:57.399 --> 00:06:58.399 passwords anymore. 143 00:06:58.720 --> 00:06:59.279 No, it's not. 144 00:06:59.399 --> 00:07:02.480 It's about being I'm aware of the bigger picture, understanding 145 00:07:02.560 --> 00:07:06.959 how seemingly like random pieces of information can be used, 146 00:07:07.399 --> 00:07:11.160 and recognizing that cybersecurity it's as much about our own 147 00:07:11.279 --> 00:07:14.879 actions and awareness as it is about firewalls and intrusion 148 00:07:14.920 --> 00:07:15.920 detection systems. 149 00:07:16.240 --> 00:07:18.759 This deep dive is already making me question everything I 150 00:07:18.759 --> 00:07:21.399 thought I knew about online security. We've covered a lot, 151 00:07:21.639 --> 00:07:23.199 I mean, from the rules of the Red and Blue 152 00:07:23.199 --> 00:07:26.079 teams to the tools they use, and even the power 153 00:07:26.120 --> 00:07:29.319 of just this public information. I have a feeling this 154 00:07:29.360 --> 00:07:30.600 handbook goes even deeper. 155 00:07:30.639 --> 00:07:32.879 Oh absolutely, We've only just scratched the surface. 156 00:07:32.920 --> 00:07:35.199 There's so much more to uncover about the strategies and 157 00:07:35.240 --> 00:07:38.720 techniques used in this ongoing digital battle. 158 00:07:38.959 --> 00:07:41.480 We'll buckle up, listeners, because we're about to go even 159 00:07:41.600 --> 00:07:44.959 deeper into the world of cybersecurity as we continue to 160 00:07:45.040 --> 00:07:51.040 unpack this fascinating operator handbook. Don't go anywhere. Welcome back 161 00:07:51.040 --> 00:07:55.040 to the deep dive. Last time, we dipped our toes 162 00:07:55.120 --> 00:07:57.800 into the world of Red teams and Blue teams, you know, 163 00:07:57.879 --> 00:08:00.680 explored the tools and tactics they use in this whole 164 00:08:00.720 --> 00:08:04.600 cybersecurity chess match. But let's dive even deeper into this 165 00:08:04.720 --> 00:08:08.560 Operator handbook. See what other secrets it holds ready to uncover. 166 00:08:08.279 --> 00:08:10.839 More Absolutely, this is this is where it gets good. 167 00:08:11.079 --> 00:08:11.680 This next part. 168 00:08:11.759 --> 00:08:14.079 We're delving into a world where, you know, a single 169 00:08:14.160 --> 00:08:18.439 vulnerability can have massive consequences. Active directory exploitation. 170 00:08:18.600 --> 00:08:21.560 Okay, that sounds a bit ominous. What exactly is active 171 00:08:21.560 --> 00:08:23.920 directory and why is it such a big deal in cybersecurity? 172 00:08:24.000 --> 00:08:26.360 Okay, so think of active directory like the central nervous 173 00:08:26.360 --> 00:08:30.879 system of well of most organizations. Really, it manages user accounts, permissions. 174 00:08:30.920 --> 00:08:34.639 You know, who has access to what critical resources dot email, 175 00:08:34.919 --> 00:08:39.120 shared files, financial data, even customer databases. If an attacker 176 00:08:39.159 --> 00:08:41.879 gets control of active directory, well they basically have the 177 00:08:41.960 --> 00:08:42.759 keys to the kingdom. 178 00:08:42.879 --> 00:08:45.360 So it's less about like breaching the castle walls and 179 00:08:45.399 --> 00:08:47.919 more about seizing control of the command center. 180 00:08:48.039 --> 00:08:51.519 Perfect analogy, and this handbook it outlines all these different 181 00:08:51.600 --> 00:08:56.000 methods for exploiting active directory weaknesses. One technique it's called 182 00:08:56.080 --> 00:08:59.960 kerber roasting, and it targets Kerberos, which is the authentic 183 00:09:00.039 --> 00:09:04.639 cation protocol that active directory uses. By exploiting certain vulnerabilities, 184 00:09:04.720 --> 00:09:09.159 attackers can actually extract user passwords and gain access to 185 00:09:09.200 --> 00:09:12.759 those accounts even if they're protected by you what we 186 00:09:12.879 --> 00:09:14.120 consider strong passwords. 187 00:09:14.120 --> 00:09:16.360 So krip roasting is like finding a master key that 188 00:09:16.480 --> 00:09:19.360 unlocks like multiple doors within a network exactly. 189 00:09:19.399 --> 00:09:20.480 And then there's Bloodhound. 190 00:09:20.960 --> 00:09:25.000 Bloodhound is a tool that it visualizes active directory relationships. 191 00:09:25.039 --> 00:09:28.360 Imagine like a map, but this map it shows every user, 192 00:09:28.440 --> 00:09:32.000 every computer, every connection within an organization. That's what Bloodhound 193 00:09:32.000 --> 00:09:34.759 gives attackers. It allows them to, you know, identify the 194 00:09:34.799 --> 00:09:38.559 weakest links, most vulnerable paths to what's their target. 195 00:09:38.720 --> 00:09:42.240 So Bloodhound helps attackers map out like the path of 196 00:09:42.360 --> 00:09:45.360 least resistance like a GPS for infiltrating a network. 197 00:09:45.600 --> 00:09:50.240 Yeah, precisely helps them identify those high value targets, you know, 198 00:09:50.279 --> 00:09:52.679 the ones that might give them the access they need 199 00:09:52.720 --> 00:09:56.200 to ultimately control that entire active directory environment. 200 00:09:56.399 --> 00:09:58.360 It makes you realize just how important it is to 201 00:09:58.440 --> 00:10:01.960 not only you know, secure those individual systems, but to 202 00:10:02.000 --> 00:10:07.879 actually understand those like interconnected relationships, the potential vulnerabilities you know, 203 00:10:08.039 --> 00:10:08.759 within a network. 204 00:10:08.840 --> 00:10:09.080 Yeah. 205 00:10:09.159 --> 00:10:13.120 No, it's a multi layered approach to security, understanding both 206 00:10:13.200 --> 00:10:18.679 the technical and the human elements. And speaking of human elements, 207 00:10:18.960 --> 00:10:21.919 let's shift gears here a little bit. Let's explore social engineering, 208 00:10:22.039 --> 00:10:26.519 one of the most effective, yet often overlooked aspects of cybersecurity. 209 00:10:27.039 --> 00:10:28.960 Okay, so we're talking about the art of deception here, 210 00:10:29.000 --> 00:10:31.399 you know, tricking people into letting their guard down. What 211 00:10:31.480 --> 00:10:33.799 kind of tactics are we talking about? What's in this handbook? 212 00:10:33.919 --> 00:10:38.159 So social engineering it's all about exploiting human psychology, right, 213 00:10:38.240 --> 00:10:41.679 not so much technical vulnerabilities. It preys on our trust, 214 00:10:41.759 --> 00:10:45.000 our desire to be helpful, even our fear of missing out. 215 00:10:45.440 --> 00:10:48.480 The handbook it really emphasizes how important it is to 216 00:10:48.559 --> 00:10:54.080 create these believable scenarios building trust with your targets, exploiting 217 00:10:54.159 --> 00:10:56.000 common psychological biases. 218 00:10:56.200 --> 00:11:00.240 So it's about crafting the perfect story, one that res 219 00:11:00.240 --> 00:11:02.759 with the target and makes them more likely to comply 220 00:11:02.879 --> 00:11:05.120 with the attacker's requests. Yeah, what would that look like 221 00:11:05.240 --> 00:11:06.919 in the real world? What kind of scenarios? 222 00:11:07.440 --> 00:11:08.320 Okay, so imagine this. 223 00:11:08.879 --> 00:11:10.960 You get an email looks like it's from your bank, Right, 224 00:11:11.320 --> 00:11:14.159 it's urging you to update your loging credentials because oh, 225 00:11:14.200 --> 00:11:16.799 there's been a recent security breach. Now you might be 226 00:11:16.840 --> 00:11:18.840 more likely to click on that link and actually enter 227 00:11:18.879 --> 00:11:21.919 your information without you know, a second thought, especially if 228 00:11:21.919 --> 00:11:24.840 that email it creates this sense of urgency, maybe even 229 00:11:24.879 --> 00:11:28.080 a little fear. That's a classic phishing attack, and it's 230 00:11:28.120 --> 00:11:29.120 incredibly effective. 231 00:11:29.279 --> 00:11:31.440 It preys on our fear that you know, something bad's 232 00:11:31.480 --> 00:11:34.960 going to happen if we don't act immediately. And those tactics, 233 00:11:35.000 --> 00:11:38.399 and they must constantly be evolving, becoming even more sophisticated, 234 00:11:38.480 --> 00:11:39.360 more believable. 235 00:11:39.440 --> 00:11:40.720 Oh they are, they definitely are. 236 00:11:40.840 --> 00:11:44.279 This handbook it even mentions something called pretexting, and that's 237 00:11:44.279 --> 00:11:48.879 where an attacker they create this completely false identity, a backstory, 238 00:11:49.200 --> 00:11:51.960 you know, to gain your trust. They might pose as 239 00:11:52.000 --> 00:11:56.600 a new employee, a tech support agent, even a potential 240 00:11:56.639 --> 00:11:59.840 love interest on a dating website. And once that trust 241 00:11:59.879 --> 00:12:02.720 is established, well, then it becomes much easier to get 242 00:12:02.720 --> 00:12:06.919 that sensitive information right or manipulate the target into doing 243 00:12:07.000 --> 00:12:09.559 things that well that compromise security. 244 00:12:09.600 --> 00:12:11.559 Okay, this is like straight out of a spy thriller 245 00:12:11.639 --> 00:12:14.039 or something. You would never suspect that the person you're 246 00:12:14.039 --> 00:12:17.559 talking to online is actually, you know, this skilled manipulator 247 00:12:17.600 --> 00:12:20.600 with these ulterior motives. Just a good reminder that we 248 00:12:20.639 --> 00:12:23.320 should always be cautious about who we trust, what information 249 00:12:23.360 --> 00:12:27.000 we're sharing online, even in you know, seemingly harmless situations. 250 00:12:27.320 --> 00:12:30.799 Absolutely, just building that awareness, you know about these tactics, 251 00:12:30.799 --> 00:12:35.200 it's so crucial. Now, let's switch gears again back to 252 00:12:35.240 --> 00:12:37.440 the to the technical side for a little bit. We're 253 00:12:37.440 --> 00:12:40.559 gonna explore some more tools that are highlighted in this handbook. 254 00:12:40.559 --> 00:12:43.399 We've discussed a few already, but there's this whole arsenal right, 255 00:12:43.600 --> 00:12:47.600 specialized tools that both these Red and Blue teams use. 256 00:12:47.879 --> 00:12:50.279 Fire Away, I'm ready to learn more about these tools 257 00:12:50.279 --> 00:12:50.799 of the trade. 258 00:12:50.840 --> 00:12:53.240 One tool that really stands out, particularly on the Blue 259 00:12:53.279 --> 00:12:55.600 team side, is oscary. Now we touched on this a 260 00:12:55.600 --> 00:12:59.519 bit earlier, but it's worth diving a little deeper. Imagine 261 00:12:59.559 --> 00:13:02.360 being able to search your entire computer system, like it's 262 00:13:03.080 --> 00:13:05.879 I don't know, like a giant database. That's what Oscary 263 00:13:05.960 --> 00:13:06.480 lets you do. 264 00:13:06.639 --> 00:13:09.399 That sounds incredibly powerful. How does it even work? 265 00:13:09.639 --> 00:13:09.799 Well. 266 00:13:09.799 --> 00:13:12.679 It uses a really simple query language called SQL, and 267 00:13:12.720 --> 00:13:16.799 it's commonly used for managing and querying databases. But instead 268 00:13:16.799 --> 00:13:20.080 of querying a database, you're querying your operating system. Let's 269 00:13:20.080 --> 00:13:22.360 say you want to see all the running processes. Just 270 00:13:22.399 --> 00:13:25.440 write a simple SQL query. Need to check for specific 271 00:13:25.519 --> 00:13:28.720 files or registry keys, Boom, another query can do that. 272 00:13:29.279 --> 00:13:33.519 It gives security teams this unparalleled visibility into their systems. 273 00:13:33.679 --> 00:13:36.840 So it's like having this real time inventory of everything 274 00:13:36.879 --> 00:13:41.279 that's happening on your network, down to the smallest detail precisely. 275 00:13:41.320 --> 00:13:45.120 And that is so invaluable for threat hunting, incident response, 276 00:13:45.200 --> 00:13:48.360 even compliance auditing. For blue teams, it's like having this 277 00:13:48.480 --> 00:13:51.120 powerful forensic tool always at the ready. 278 00:13:51.399 --> 00:13:53.679 But I'd imagine this tool, I mean, it could be 279 00:13:53.840 --> 00:13:55.240 just as valuable in the hands of a red. 280 00:13:55.159 --> 00:13:58.759 Team, right, Oh, absolutely for attackers Oscary it can be 281 00:13:58.840 --> 00:14:02.519 used to gather information about a compromise system, identify valuable data, 282 00:14:02.639 --> 00:14:05.320 even move laterally within a network. But its strength that 283 00:14:05.440 --> 00:14:08.360 it also becomes its weakness because oscary leaves such a 284 00:14:08.399 --> 00:14:11.200 clear audit trail of its activity. So it can also 285 00:14:11.279 --> 00:14:13.559 be a red flag for blue teams if they know 286 00:14:13.919 --> 00:14:14.600 what to look for. 287 00:14:14.840 --> 00:14:18.759 A double edged sword, powerful tool for defense and offense, 288 00:14:19.279 --> 00:14:23.919 each side trying to outmaneuver the other. What about what 289 00:14:24.000 --> 00:14:27.159 about on the red team side, any any other intriguing 290 00:14:27.159 --> 00:14:29.000 tools that they might use to gain an edge. 291 00:14:29.519 --> 00:14:33.240 One that stands out is is Responder. And we did 292 00:14:33.279 --> 00:14:35.240 touch upon this earlier, but it's such a you know, 293 00:14:35.519 --> 00:14:40.080 clever and effective tool it deserves another look. Essentially, Responder 294 00:14:40.279 --> 00:14:43.559 it exploits these vulnerabilities in the way computers find each 295 00:14:43.600 --> 00:14:44.480 other on a network. 296 00:14:44.600 --> 00:14:46.440 Okay, you're gonna have to break that down a bit. Yeah, 297 00:14:46.480 --> 00:14:49.360 so we're talking about computers constantly like talking to each other, right, yeah, 298 00:14:49.399 --> 00:14:50.879 behind the scenes exactly. 299 00:14:51.120 --> 00:14:54.440 Every time you visit a website, access a shared file, 300 00:14:54.600 --> 00:14:57.960 even send an email, your computer, it's it's sending out 301 00:14:58.000 --> 00:15:00.360 these requests across the network, trying to find the right 302 00:15:00.399 --> 00:15:04.120 servers and services. Responder takes advantage of this. It impersonates 303 00:15:04.120 --> 00:15:06.919 those services, and then it tricks your computer into sending 304 00:15:06.960 --> 00:15:08.799 sensitive information well its way. 305 00:15:09.000 --> 00:15:11.559 So it's like setting up like a fake sign on 306 00:15:11.600 --> 00:15:13.960 the Internet pointing graffic in the wrong direction. 307 00:15:14.320 --> 00:15:17.120 That's a brilliant analogy and it can be surprisingly effective. 308 00:15:17.480 --> 00:15:20.720 Let's say an employee connects to their company's Wi Fi network. 309 00:15:20.759 --> 00:15:23.519 They think it's secure, right. If an attacker is using 310 00:15:23.639 --> 00:15:27.240 Responder on that network, they could potentially capture that employee's 311 00:15:27.240 --> 00:15:29.519 log in credentials and they wouldn't even realize it. 312 00:15:29.639 --> 00:15:33.039 That's a scary thought. Just it highlights the importance of 313 00:15:33.360 --> 00:15:36.840 not only having those strong passwords, but being aware of 314 00:15:36.879 --> 00:15:40.519 your network environment, you know, the potential vulnerabilities. Any other 315 00:15:41.240 --> 00:15:43.440 any other tricks that this handbook reveals. 316 00:15:43.559 --> 00:15:46.960 Well, it delves into the world of metasploit, which is 317 00:15:47.120 --> 00:15:50.679 a really powerful framework for penetration testing. Think of it 318 00:15:50.759 --> 00:15:55.080 like a platform one with this vast collection of exploits, payloads, tools, 319 00:15:55.600 --> 00:15:59.279 all designed to simulate real world attacks. Ethical hackers and 320 00:15:59.279 --> 00:16:04.639 security professors. They use metasplate to safely probe systems for weaknesses, 321 00:16:05.000 --> 00:16:06.759 you know, before the bad guys can find them. 322 00:16:06.840 --> 00:16:09.639 So it's like a virtual testing ground for cybersecurity professionals, 323 00:16:09.919 --> 00:16:13.440 allows them to safely experiment with different attack scenarios and 324 00:16:13.799 --> 00:16:16.080 really strengthen those defenses exactly. 325 00:16:16.120 --> 00:16:19.000 It lets them understand how attackers think, what tools they use, 326 00:16:19.399 --> 00:16:21.399 and ultimately how to protect against them. 327 00:16:21.559 --> 00:16:26.159 We've covered some really interesting territory here, from the inner 328 00:16:26.200 --> 00:16:29.600 workings of actor directory to the art of social engineering, 329 00:16:29.919 --> 00:16:34.759 even the tools used to exploit vulnerabilities and strengthen those defenses. 330 00:16:35.000 --> 00:16:38.159 Where do we go from here? What other insights does 331 00:16:38.200 --> 00:16:39.440 this handbook have in store? 332 00:16:39.759 --> 00:16:43.080 Well, in our final act, we're going to explore mobile security, 333 00:16:43.159 --> 00:16:46.679 the challenges of actually responding to a security breach, and 334 00:16:46.720 --> 00:16:49.320 some key takeaways from this whole deep dive that you 335 00:16:49.639 --> 00:16:51.559 can use to bolster your own security. 336 00:16:51.639 --> 00:16:57.159 Don't miss the thrilling conclusion of this cybersecurity saga. We'll 337 00:16:57.200 --> 00:17:01.879 be right back. Welcome back to the deep dive. We've 338 00:17:01.919 --> 00:17:04.720 been through a lot together, Red teams, blue teams, their arsenals, 339 00:17:04.759 --> 00:17:08.079 social engineering, and now what we got to talk about 340 00:17:08.079 --> 00:17:10.839 a battlefield that's practically attached to us at all times. 341 00:17:11.640 --> 00:17:12.440 Mobile security. 342 00:17:12.720 --> 00:17:14.920 Yeah, and it's only getting more important. You know, we're 343 00:17:15.000 --> 00:17:17.720 using our smartphones and tablets for everything, I mean, banking, 344 00:17:17.839 --> 00:17:21.319 social media, you name it. It's it's no surprise those 345 00:17:21.359 --> 00:17:22.759 devices are prime targets. 346 00:17:23.720 --> 00:17:27.119 I feel naked without my phone these days, but honestly, 347 00:17:27.640 --> 00:17:30.119 I don't think about it security all that much beyond 348 00:17:30.119 --> 00:17:34.839 setting a good password. This handbook does it say anything 349 00:17:34.839 --> 00:17:36.079 else about mobile security? 350 00:17:36.240 --> 00:17:39.440 Well, it really stresses that our mobile devices they deserve 351 00:17:39.519 --> 00:17:42.640 the same level of security as our laptops and desktops. 352 00:17:42.680 --> 00:17:46.359 For example, there's app vetting, so you know, being careful 353 00:17:46.359 --> 00:17:48.960 about the apps we download, making sure they're from you know, 354 00:17:49.039 --> 00:17:50.279 those trusted sources. 355 00:17:50.440 --> 00:17:52.680 Yeah, makes sense. It's easy to just get excited about 356 00:17:52.680 --> 00:17:55.000 a new app and you just click installed, don't even 357 00:17:55.039 --> 00:17:56.119 think twice, and that's all. 358 00:17:56.000 --> 00:17:58.440 It takes, right, one impulsive download, and suddenly an attacker 359 00:17:58.480 --> 00:18:02.480 has that has that foothold on your device. The handbook 360 00:18:02.559 --> 00:18:05.440 it does remind us about the basics too, like using 361 00:18:05.480 --> 00:18:09.799 strong passwords or even biometrics to lock our devices. And always, 362 00:18:09.839 --> 00:18:12.519 you know, always keeping your operating system and apps updated. 363 00:18:12.920 --> 00:18:14.160 Patch those vulnerabilities. 364 00:18:14.400 --> 00:18:17.839 Ah, those update notifications easy to ignore, but yeah, they 365 00:18:17.880 --> 00:18:21.680 often have crucial security fixes. It's a little scary, honestly, 366 00:18:22.119 --> 00:18:27.960 thinking what those attackers can do with just like one vulnerable. 367 00:18:27.440 --> 00:18:29.960 App, right, and the handbook gets into some of those 368 00:18:29.960 --> 00:18:33.079 advanced tactics. The ones that red teams use when they're 369 00:18:33.119 --> 00:18:36.400 you know, testing mobile security, jail braking, rooting. 370 00:18:36.400 --> 00:18:37.440 Stuff like that. 371 00:18:37.440 --> 00:18:40.799 That's where you're basically bypassing all those built in security features, 372 00:18:41.200 --> 00:18:43.480 giving someone full control of your phone. 373 00:18:43.519 --> 00:18:45.279 So it's like handing the keys to your smartphone to 374 00:18:45.319 --> 00:18:47.160 a hacker and saying, all right, what can you get 375 00:18:47.359 --> 00:18:47.759 in a way. 376 00:18:47.880 --> 00:18:51.000 Yeah, but remember the red teams, they're using these techniques 377 00:18:51.079 --> 00:18:54.960 ethically to find vulnerabilities and then, you know, help organizations 378 00:18:55.000 --> 00:19:00.000 strengthen their defenses. They might reverse engineer apps too, examine 379 00:19:00.160 --> 00:19:03.359 the code to see, you know, where those security flaws are, 380 00:19:03.400 --> 00:19:05.480 the ones that attackers could could exploit. 381 00:19:05.599 --> 00:19:09.519 It's a little unerving, honestly, knowing how vulnerable our devices 382 00:19:09.519 --> 00:19:12.839 really are as everyday users. I mean, is there anything 383 00:19:12.839 --> 00:19:14.839 we can do or are we just kind of at 384 00:19:14.839 --> 00:19:17.440 the mercy of these app developers and these you know, 385 00:19:17.519 --> 00:19:18.799 operating system updates. 386 00:19:18.960 --> 00:19:23.200 Well those are definitely important, but honestly, awareness, vigilance, those 387 00:19:23.200 --> 00:19:26.480 are our best defenses. Be mindful of the permissions you're 388 00:19:26.480 --> 00:19:29.799 giving your apps, be careful about clicking on suspicious links, 389 00:19:30.240 --> 00:19:33.960 and always always think twice before connecting to a Wi 390 00:19:34.000 --> 00:19:36.920 Fi network you don't recognize all great reminders. 391 00:19:37.599 --> 00:19:40.400 It really does sound like cybersecurity. It's just as much 392 00:19:40.440 --> 00:19:43.839 about you know, personal responsibility as it is about having 393 00:19:44.240 --> 00:19:47.920 all the right tech and fancy tools in place. 394 00:19:49.200 --> 00:19:52.000 And that brings us to something else important that's covered 395 00:19:52.000 --> 00:19:55.759 in this handbook, incident response. You can have the strongest 396 00:19:55.759 --> 00:19:59.200 defenses in the world, but a determined attacker, while they 397 00:19:59.240 --> 00:19:59.920 might still find. 398 00:19:59.799 --> 00:20:03.160 A way in so incidant response this is about knowing 399 00:20:03.200 --> 00:20:05.160 what to do when those alarms start going off. 400 00:20:05.119 --> 00:20:08.319 Right yeap, containing the damage, finding that root cause, getting 401 00:20:08.359 --> 00:20:10.799