Transcript from the "Hacker Motives" Lesson
>> Mike North: So regardless of which of these categories someone fits into, they kinda follow the same procedure here. The first thing they do is reconnaissance. They're gonna gather information about your system. They're gonna use that in order to research known vulnerabilities. So they might be able to look at your system and see that, this person is using Express on their back end.
[00:00:23] And they're using NGINX as a proxy server. And looks like they're using a new version of React. They'll put that together and there are databases of known vulnerabilities for certain versions of software that you can just basically look up and see. There maybe some ready-made, easy to execute attacks and it’s basically like pushing a button.
[00:00:45] You can run a shell script and it’ll just pull an attack from a database and try to execute it. So, and I want you to also understand that like the game over situation, it may not necessarily look like a game over situation. Meaning sometimes getting a foothold into a system is not, it is not like I can open up a terminal and start executing my own code.
[00:01:08] It might just be that I can put a file in a particular place. And the point is, you wanna be able to get some foothold and then escalate from there. Maybe it's just a cross-site scripting error, but I can eventually hit an admin's account and that will let me put a file in a particular place and that will allow me to install a root kit.
[00:01:29] And at that point I have full control of the system. But it happens in increments. And I want us to recognize that the game over situation, that was the cross-site scripting error. That was the cross-site scripting vulnerability. You have to assume that these can be exploited and escalated to a point where the consequences become way more severe than like you can run code in my browser as an authenticated user.
[00:01:53] I understand that's not good, but what's the big deal? The big deal is that is used to stage something else, to stage something else, to stage something else, and then you've lost everything. So we need to understand that I may not be able to, right now, on your HTTPS connections to Frontend Masters, interfere with what's going on.
[00:02:15] But I could get you to go to another website, right? And then eventually get you to accept a certificate that will then let me get in between you and who you think you're talking to. So just lower the bar on the game over situation.