Gain in-depth knowledge for passing your exam with Exam-Labs SY0-601: CompTIA Security+ certification video training course. The most trusted and reliable name for studying and passing with VCE files which include CompTIA Security+ SY0-601 practice test questions and answers, study guide and exam practice test questions. Unlike any other SY0-601: CompTIA Security+ video training course for your certification exam.

1.2 Potential indicators of attacks

1. Introduction to Malware

Here in this section, we're going to be talking about malware. Now, before we get into all the pretty cool malware that I'm doing some demonstrations of so you have a good understanding, let me just give you guys a couple of things. First of all, malware means malicious software, and this can include viruses, worms, Trojans, and so on. Now, I do want to point out viruses. So notice term for your exempt. Most people think when they are determinedof a computer virus, they're thinking ofthings that steal your data. They're thinking of things that corrupt your data. But I want you guys to notice that, for your example, malware, the objective of viruses is to spread. All viruses have this thing in common: their objective is to spread. Now, some of them will delete your data, some of them will steal your data, and some of them will hold it for ransom, right? Ransomware. So remember, with viruses, the objective of a virus is to spread. Now, generally speaking, a virus needs user interaction to spread. And in order you have to do something for it to spread. versus a worm. A worm is a virus that spreads by itself. So, let's say this computer gets infected with a worm, and basically what happens is that it starts to infect computers on the network by itself. As a worm spreading by itself, it will look for shears, copy itself, and execute itself. So remember something: Worms are basically viruses that spread by themselves. And a virus is basically a piece of software. It's a malicious piece of software that requires user interaction to be spread. Okay, just a couple of quick terms there. Now let's get into all this pretty cool malware and give you guys some interesting demonstrations such as different types, ransomware, Trojans, and all this good stuff. Let's have some fun in this section.

2. Ransomeware and Cryptomalware

In this video, we're going to be talking about crypto malware and ransomware. Now, crypto malware. First of all, the word malware means malicious software. Crypto malware is software that infiltrates your computer and steals your data. And then the ransomware part of it basically holds you ransom because the encrypted data isn't get your data back.They're going to make you pay to get it back. Now, in the year 2020, this is something that is very popular all over the world. As I've been watching this video and hearing so many stories, I've read so many articles about organisations getting hacked and having to pay normal sums of money in the hundreds of thousands to millions of dollars to get their data back. So this is something that's really important to know—not just for your exam, but in real life. And the only way to prevent it is to avoid becoming infected in the first place. Most of this ransomware is spread through email. You get a link in an email, you open the email, and before you know it, it infects your machine, basically. And it basically encrypts your file. And the only way you're going to get it back is if you have a data backup or you pay them. So this is the ransom part, where they're going to ask you to pay them. Now we're going to have some fun. In this video, I'm actually going to execute ransomware on my virtual machine that I have. Insured is a completely locked state, and the computer we're going to be using is an off-the-network machine. So let's have some fun with this. If you've never seen this before, let's see what it looks like. So here I am at my old windows. Seven. This is just a clone of my Windows Seven box, and I do not recommend you try this at home. You don't know what you're doing. You can severely lock up all your files on your computer. So I'm going to go in here to network, and I'm going to shut the network adapter off on the VM. So the VM ensures that the VM cannot get out. Now, I've already put malware on this computer. This particular one is called the Pete. This is a very famous ransomware that has spread across the world. There were different variants of it, but let me show you what it looks like. I'm just going to double click here on this PDF, and it wants to run. So ideally, you could probably just email this PDF to someone. It doesn't look like anything is happening, and that's it. It just shuts off, and it looks like nothing. Basically, it shuts the machine off. Now when I turn the machine back on, let's go in here and turn this machine back on, and let's see what happens when it starts up. Now it starts up by looking like it's running a check disk. Now, if you remember from a plus-a-check disk, It's the fixed errors on my desk. And then now it looks like it's doing this and that it's been rebooted, and we are in trouble. It is now displaying you or pressing any key. And, once again, this is in a VM, all right, this is in a virtualized separated network, pressing any key, and the computer will not boot. It tells us that the hard discs on your computer have been encrypted with military-grade encryption. There's no way to restore your data. They want us to go to these websites and enter this decryption code. And I believe they wanted us to pay around $300. I think this is something like $300 they wanted us to pay in order to get the decryption code. If this machine had had vital information and I had gotten myself infected, this would have been an issue. But of course, this is just a virtual machine. So the best thing I can do is right-click, and since I'm in VirtualBox, I'll say remove. I'm going to delete all of the files. And that got rid of that machine with the malware on it. One of the other famous ones that I do want to show you guys is CryptoLocker examples.This is a "here we go." So this was another very famous one that I personally saw where people got an email with crypto locker.So in this particular one, you would get the same kind of concept, except it was a photographical interface. It just didn't reboot the machine. And then they would tell you that you have to pay them. And this thing was really popular when it came out in 2013 or so. I remember it. I helped an organisation clean it up. And there was no way to fix it at the time because it encrypted your data with a key and effectively encrypted the data with a key. And you have to pay to get the key to decrypted. And we're going to talk more about public-private key cryptography, which comes up later in this class. When we get to cryptography, just know it's encrypted with an encryption key, and then you have to pay to get the decryption key to get the data back. And it cost around $100 to get your data back. Okay, so the question here would be,hopefully you guys have fun seeing that. I do not. If you're asking yourself, so where's the link to the malware? I am not going to provide that, not in this class. And I don't recommend looking on the Internet for these types of things, especially if you're a newbie. You could get yourself an electrolyte for your exam. You just have to be able toanalyze these potential or determine indicators thatare basically ransomware, crypto malware. You just need to know what it looks like. But for your exam, you don't need to play around. If you want to really play around with a lot of different hacking tools, take my CEH class. That's a lab course. We'll do a lot of good stuff in there, but for now, this is all you need to know. So, ransomware, crypto malware. How do we stop these things? The best thing you can do is keep Windows up to date. Make sure that you always have good, valid antivirus. So I had to think of Windows Seven because there's no antivirus on it. If I dragged that onto my Windows 10 desktop or installed it on my computer, it would not have run. Because it is an old, basically old ransomware, Windows Defender would have killed it immediately. And you want to make sure you train your users not to download any kind of link. Don't tell Bob not to click on that link in the email. Bye.

3. Trojans and RAT's

In this video, we will discuss Trojans as well as a RemoteAccess Trojan, which is a wrapper for remote access Trojans. So first of all, what is a Trojan? So Trojan comes from the story of the Trojan Horse from Greek mythology, where they hid inside of this horse and dragged it into the empire because they thought it was a gift, and the soldiers came out and burned the place down. That's history. You don't need to know it. So a Trojan horse in the computer world is a programme that you download that you think is one thing, but it's not. It's actually malware infecting your computer. Known Trojans or Trojans such as bogus antivirus You may visit a website that informs you that you have a large number of viruses on your computer and that you should download this Trojan, this virus, in order to clean it up. So you download it, and you get a free antivirus, but it's actually the malware itself that's the virus. So, a Trojan is essentially a programme that has been disguised to look like another. Of course it's malware. Don't download it. The other thing here that's mentioned in your exam is something called a Remote Access Trojan (RR).Now the Remote Access Trojan allows you, when you install it, to take complete control over somebody else's computer. I have an example here of a really old one running on Windows Seven called Thief. And let me show you what it's capable of. Now I've already set it up, and here I am. This is the server itself. This one here—this is the Thief server, and this is connected to this other Windows 7 box over here. So this one here has the client installed, and I'll show you how it looks. Now, I'm not going to give you guys links. I know people always ask; don't ask in the form, please. I don't give links to malware, and I don't recommend you guys looking for malware. I keep saying this. I know every time I teach this, people say, "Oh, where's the link to it?" I don't give links to malware. These types of software are dangerous, and they can really affect your machine and get you in some trouble. So if you want it, you can go look for it. You can see its name here. But I don't recommend doing this. The best thing to know is just to know what it is, and I'm showing you what it is. So it's already set up. So basically it's just a folder with software in it. You would have to run the server. This is the piece of software you would run on the station to turn it into the computer to be controlled. The computer is being controlled, and the client is the software that's controlling the server. So this one, the blue, the full Windows 7, is the client, and this one is the server. So I want you guys here. Now watch this. So basically, I have complete control over this particular workstation. So I could do all types of crazy things here with all the computer information. So this is a VM that I have, but then you can get into some interesting things here. First of all, let's have some fun. Where's the fun in options? Here we go. Fun. So visual, let's go to desktop. So you could do all types of weird things. The guy is using the computer; you can just hide his taskbar. See, the password disappeared. Maybe I want to show it again. his desktop icons. You'll notice the icons here. I can simply say hello, and he will lose his icons, which I can then re-show. You can change the wallpaper from one side to the other. The other pretty cool thing you have is a file manager. So you can actually see files on the person's computer. The other one here is pretty cool. It's called "spy in. Look at this. I'm going to turn on a keylogger on this person's machine, and I'm going to say "start," so you see I said "start." So right now the keylogger has started. So let's go back here. So the guy doesn't even know that I am monitoring his machine. So this guy starts to type in Notepad. He's looking for the notepad I am typing, and you can see I was typing a message there. Type in a secret. Secret, good enough. I'm really bad. Tell him a secret message. Okay, good enough. Close this out while he's typing and with each keystroke he's typing this specific phrase. This particular keylogger is keylogging it. So I thought that was pretty cool. You can even view the webcam if you want to. If they have a webcam, you can turn it on so you can see it. There's even a remote prompt that you can pull up. Quite a lot of interesting littlethings that you can do. You can even capture screenshots of it. So here's a screenshot, and it's going to chew it up, and it's going to capture the screen. So there are quite a few things, and this software is quite old, okay, there are many options, red edges, power, you have a lot, and I'm not going to go through all of them here, but I think you get the idea that this is known as a remote access Trojan or a rat. This one is quite old, and it will not work in later versions of Windows. To make this work, I have to turn off Windows' firewall, because it's actually running on a very particular port. And how do you stop this? How do you not get your machine infected so someone can hide your desktop icons or your taskbar or key logo? There's even one where you can listen to people's microphone and turn on webcams. And whatnot, how do you stop? This is question number one. Keep your machine up to date. Number two antivirus Number three firewalls Right? Make sure you have a firewall turned on. Number four user training. Don't click on links where you can get yourself infected. To make this work, you have to double click on that server. That server. And basically, when you double-clicked on the server, nothing happened. It just got executed. So it was an executable. So you'd have to get theexecutable to the person subject. Okay, interesting stuff here. Let's keep on going and check out other types of malware.

4. Bot and Command and control

In this video, we're going to be talking about bots and command and control centers. Let's get started. So first things up, what exactly is a bot? Now a bot is a computer that's basically been infected with malware, and it's going to be controlled by someone else. So, for example, let's say you have a computer that is not updated, has default passwords, and you use it to download illegal software. Maybe you are downloading some copies of Microsoft Office; offer some torrents. Many of these types of software that you obtain illegally, from illegal websites, and so on, are likely to be infected with malware that turns your computer into a bot. Now what that means is when they turn your computer into a bot, they're basically going to be able to control your computer, and then they can use your computer to launch attacks against other computers. So if your computer becomes a bot, then they'regoing to infect your friends and your family andyour other neighbours and people around the world. And imagine if they did this to a whole lot of people and infected a whole lot of computers. Now, one of the most famous pieces of software that did this infected a lot of computers around the world, and it really wasn't just computers. It was IoT devices, things like baby monitors and web DVR systems. It basically infected a lot of IoT devices or Internet of Things devices and turned them into a giant botnet, the Mariah botnet, allowing it to take down massive websites. And one of the largest DDoS attacks was done because of this botnet. I'll show you a quick article here on Wikipedia. So in 2016, one of the largest DDoS attacks was known as the 2016 Dyna DNS attack. What they did was use the Mariahbotnet malware to create a giant botnet. And they listened to it all the time: printers, IP cameras, baby monitors, residential gateway routers. Those are all the websites that this thing here took down in that year. I'm not going to go through them. Amazon.com is here. Comcast, DirecTV GitHub, HBO, and lots of different websites Netflix is here. Also PayPal. This list goes on and on. You can take a look at this later. So basically, because of this giant botnet, this giant DDoS attack was being controlled by something. So when it comes to bots—bots again for your exam—or computers that are infected with some kind of malware that allows them to control it Again, it's not just computers, but any device with an IP address; the more I looked into the botnet, the more it went after IoT devices, and it basically telnets into these devices and it's difficult to fault passwords, and it basically allowed people to connect to it and allowed hackers to connect to it and control it. Now the last thing I want to talk about is what's controlling these particular bots. That's called the command and control centers. The command and control centre is where you're controlling the bots from. So the command and control is the head of the botnet. So the hacker sits in front of the command and control centres and tells the bots, "Hey, go and take out this particular website or send a lot of traffic to this particular website." So that's what the command and control centre is. Okay, for your exam, just know what botis is and know what command and control are.

5. Fileless Virus, Logic bombs, spyware, rootkit, backdoor

In this video, we're going to be talking about a variety of other types of malware that you should be familiar with for your example, such as a file virus. We talk about what our logic bombs, spyware, rootkits, and finally a backdoor are. All right, so let's get started. The first thing I want you guys to know isa type of a virus called a file less virus. Now think about a normal virus. A normal virus—you saw me install some of them before—generally has a programme that has to be installed and run on your computer. a fileless virus. The unique thing here is it doesn't actually run on the hard drive; it's a fileless virus. It's actually a computer and just stays in RAM. As a result, there is no actual permanent storage of a file virus on your hard drive. So files virus is basically malicious software. Remember, for your exam, that stays in RAM; it doesn't save on your desktop or your C drive or anything like that. Okay? The other one here I want to talk about is something called a logic bomb. Now, logic bombs are probably going to show up on your exam. Make sure you know what they are. A logic bomb is a malicious piece of software that has some kind of detonation point or some kind of detonation trigger. So, for example, let's say I write a piece of malware and I send it to you. And when you double click on it, it basically infects your computer. And six months after the date of infection, it erases everything in your computer. Well, that there is a logic bomb. The logic bomb basically explodes due to the detonation of six months of waiting. So logic bombs have some kind of detonation point. Sometimes it's time, sometimes it's an action. I've seen logic bombs where you go to a particular website and you double-click on the website. You go to a specific website and attempt to log in, such as Chase Bank. And then when you go to Chase Bank, it turns on. That's its detonation point. It turns on and it t locks you and stealall your data and it shuts right back off. So logic bombs are going to stay dormant for a period of time until something happens. Time passes by or some kind of action you take thatturns it on, and then boom, it blows up again. This is called malware, right? So you've got to have anti-malware software. Just don't get infected. Don't click on the link, okay? The other thing I want to talk about is something called spyware. Now, spyware is a very popular piece of malware that infects your computer. And what they do is, quote-unquote, spy on you. It basically steals your information. Now, spyware may not do anything to your computer. You might not even know you have it. It might be there just stealing and loggingall your information, all your credit card, allyour password, quote unquote spying on you. Once again, this is malicious software, and you shouldn't be getting it because you're not going to click on links and you're going to have good antivirus or keep your machine up to date. The other thing is something called a rootkit. Now root kit is a very complex piece of software, but what it does is allow attackers to get, quote, unquote, "root" privileges on your computer. So for example, let's say you're a hackerand you got access to this machine, butthis machine only has user privileges. So what you want as a hacker is the ability to get admin privileges on the computer. So what you're going to do is install a root kit on this computer. So you install the root kit on the computer, and all of a sudden, you have quote-unquote root privileges. Or you see root in Linux means adminin Windows will say give you admin privileges. A rootkit is basically software that is installed on a computer to allow the hacker complete root access. And that could be rootkits, which have been known to work and get onto operating systems. Some of them even work against and take control of the BIOS on the computer or the firmware. Okay, the last thing I want to talk about is a backdoor. A backdoor is basically like a Trojan horse. It essentially allows attackers to gain access to your computer and manipulate information for you or monitor it. If you guys remember when I installed the remote access Trojan—the Rat software—that's the type of backdoor. It's basically a piece of software that you install on a computer that allows you to get back into that computer and monitor and steal data from it. Okay, so we talked a lot about different types of algorithms in this video. Remember that the Files virus operates on the RAM side. It doesn't store anything on a hard drive. We talked about logic bonds. Remember that something has some kind of detonation point—maybe time or some kind of action. Spyware will steal your data. A root kit will give you admin privileges over a box, and then a back door is another way into your computer. Make sure to take notes on terms for your exam.

6. Adversarial artificial intelligence (AI)

In this video we're going to be talking about adversarial machine learning. Let's get into this. So adversarial machine learning is basically having machine learning or artificial intelligence do things that it's not supposed to be doing. In other words, it is working against itself. So let's get into exactly what machine learning is. First of all, machine learning really is something that's affecting all aspects of your life. Right now, computers are becoming more automated, and it's helping us do more things. For example, self-driving cars A self-driving car has a lot of machine learning to learn the streets, learn the patterns, know where to go, know the stop signs, know the speed limits, or whatever. Machine learning helps computers identify human faces. It helps to identify that as a dog and that as a cat. It helps us with things such as detecting spam. It assists us in determining what is a virus and what is not. So this is something that really affects the way we use computers. And as time has progressed, this will start to affect more of our lives, making this topic a hot topic. Make sure you know what it is. So adversarial machine learning is about hacking these types of systems and having the outcome not be the desired outcome. Let me show you an example of this. So there are a couple of examples of this thing here that make it pretty easy to understand. So they went out and got a turtle. This is the 3D-printed turtle. They took a turtle and they slightly modified this toyturtle and fooled the deep learning zooming on this. It makes it easier to see. And what they did was trick these deep learning algorithms into thinking this was a rifle. Now, neither I nor you can see that. I guess I could see a little bit of it, but they manipulated it very slightly to make you think that it is a rifle. And the other thing—the other one here—that I found interesting was the stop sign. I think this one here is good to know. So what they did was discover that by adding small black and white stickers to a stop sign, they made them invisible to computer vision algorithms. This would have a drastic effect, for example, on self-driving cars because now a self-driving car, instead of seeing a stop sign, doesn't see anything and goes right past the stop sign. This, of course, can have drastic effects on your physical safety. So now viruses are not just about stealing your data. Now it might just be killing you. It's pretty serious stuff. So as you can imagine, this is about to become a really big thing in our field of security. Wikipedia We're going to take a look at three strategies and why they want to do this. Number one, evasion attacks So when they do this, it leads to evasion attacks. Basically, what happens is that they're trying to evade certain things. So, for example, machine learning is able to detect if that email is spam. It's also able to detect if that software is malware. So in an evasion attack, when it comes to this topic, what they're going to do is manipulate that email or manipulate that malware, making the antimalware and anti-spam believe that it's legitimate software or legitimate email, getting right past the filters. Another one is called poisoning. This one deals with contamination of the training data or manipulating the training data within these systems. So the training data is how the system will learn. Training data is really simple. Like, if you want a computer to detect that that's a turtle and that's a person, just keep showing pictures of people holding turtles and showing a picture of a cow and a turtle; eventually the machine will learn, "Okay, so those are what turtles look like, and those are not turtles." But what you could do is contaminate this training data, retraining the machine. So, for example, in this one, they're mentioning the ID system. IDs is a train to detect intrusion. So let's say an ID knows that a pattern of, like, this type of traffic is good. I'm sorry. That right. So what you can do is retrain it to say this pattern of traffic is actually good. So in this one, it's basically getting it right. So you're poisoning the training data to make the system see something different. The other one is model Steven. In this one here, you're going to probe a black box, machine learning, in order to reconstruct a whole different model to train it on. So it's a whole different model of training. All right. Machine learning, like self-driving cars, I believe will have a much greater impact on our daily lives and routines in our society today. Machine learning, of course, affects everything from logging into your phone with facial recognition to your health. Right. even buying things online. Machine learning tells you what products Amazon wants to sell you or what movie to watch on Netflix. But if these data get contaminated, then it may produce undesirable results. So what are some ways to fix this? Well, one thing to do is to secure the machine algorithms, the machine learning algorithms, by securing them and ensuring that the data that is being fed to them is correct. That way, by securing it and making sure the data is fed to it, you're going to ensure that it produces the correct results. For example, knowing that that thing isn't a stop sign. Nothing there. All right, so it's a pretty interesting topic. I think what I went over in this video is more than enough. what you need to know for your exam. I think I went overboard on it. But as I was doing research to do this video I found it really interesting. And I did find some pretty interesting data. not just for these pictures. I try to keep it simple, just for the exact purpose, but do some research on this. You'll be really surprised to know what's out there. And even though I've been doing security for a long time, it scared the hell out of me.

Pay a fraction of the cost to study with Exam-Labs SY0-601: CompTIA Security+ certification video training course. Passing the certification exams have never been easier. With the complete self-paced exam prep solution including SY0-601: CompTIA Security+ certification video training course, practice test questions and answers, exam practice test questions and study guide, you have nothing to worry about for your next certification exam.

Hide