1
00:00:08,010 --> 00:00:13,300
All right, so in the last lecture, we talked about two facts, two facts, right?

2
00:00:13,320 --> 00:00:20,190
So we talked about two to have a series of frequently asked questions.

3
00:00:21,060 --> 00:00:26,340
Now, I want to dig into where you can go to get your sources, you know, because as you go through

4
00:00:26,340 --> 00:00:30,640
the training, you're most likely going to have questions or you're going to want to know where do you

5
00:00:30,640 --> 00:00:32,490
know, how do I go deeper into these discussions?

6
00:00:33,060 --> 00:00:37,230
So, for example, we have an entire section on networking

7
00:00:39,690 --> 00:00:40,520
refreshments.

8
00:00:40,570 --> 00:00:40,860
Right.

9
00:00:43,140 --> 00:00:50,550
And let's say you're kind of rusty on your IP address skills or you need a little bit of a touch up

10
00:00:50,550 --> 00:00:57,750
on something that isn't right or any of the other networking related topics like routers and switches,

11
00:00:57,750 --> 00:00:58,500
things like that.

12
00:01:00,390 --> 00:01:07,680
What I've done with I compiled a sort of an accessory or an additional resource that complements this

13
00:01:07,680 --> 00:01:09,460
course on my guitar page.

14
00:01:10,140 --> 00:01:12,830
So let me do all this stuff.

15
00:01:13,530 --> 00:01:14,610
Now, that's just one example.

16
00:01:14,610 --> 00:01:18,270
The networking refresher might you might want to have maybe you want to go deeper with something else.

17
00:01:18,270 --> 00:01:19,810
Maybe you want to go deeper with laptop.

18
00:01:20,460 --> 00:01:20,820
Right.

19
00:01:22,350 --> 00:01:25,500
And you need additional help with VMware workstation.

20
00:01:27,400 --> 00:01:33,770
Or, you know, with Windows Server 2019, you'll have all of that in this resource section.

21
00:01:33,790 --> 00:01:38,560
So let me just stop talking about it and let me show you what I'm talking about so that you can see

22
00:01:38,740 --> 00:01:39,550
how awesome this is.

23
00:01:39,700 --> 00:01:44,950
Now, one thing to keep in mind is this resource is a sort of a work in progress, meaning I am continually

24
00:01:44,950 --> 00:01:46,030
adding content to it.

25
00:01:46,360 --> 00:01:52,360
But if you go to GitHub, dot com forward, slash vonne and the I as a one had to use leetspeak.

26
00:01:52,510 --> 00:01:55,810
Actually Vonne was taken, so I had to come up with the next best thing.

27
00:01:56,260 --> 00:01:58,990
And the actual name is modern.

28
00:01:58,990 --> 00:02:00,880
Underscore ethical, underscore hacking.

29
00:02:01,020 --> 00:02:02,230
You can go to the GitHub page.

30
00:02:02,770 --> 00:02:08,380
You can see I've got some comments there, but really it's just a resource where you can go a little

31
00:02:08,380 --> 00:02:09,710
bit deeper in each of the sections.

32
00:02:10,300 --> 00:02:13,660
So for example, the foundational material.

33
00:02:13,660 --> 00:02:13,890
Right.

34
00:02:13,930 --> 00:02:16,120
We're going to get into that in future lessons.

35
00:02:16,360 --> 00:02:19,210
Do you want to go deeper and wider attack framework or maybe you don't know what it is?

36
00:02:19,450 --> 00:02:22,470
I typed up this little blurb to help you understand, you know, what it is.

37
00:02:22,510 --> 00:02:25,660
So at a glance, you can say, OK, now I know what my terror attack is.

38
00:02:25,900 --> 00:02:32,260
It's a comprehensive knowledge base of adversary tactics, techniques and procedures based on real world

39
00:02:32,260 --> 00:02:34,410
observations of cybersecurity threats.

40
00:02:35,140 --> 00:02:36,790
And then I go into a little bit more detail.

41
00:02:36,940 --> 00:02:43,630
I tell you how the data is laid out in matrices arranged by attack stages from initial access to actual

42
00:02:43,630 --> 00:02:50,050
objectives and impact tactics are displayed across the top header as attacker goes right.

43
00:02:50,060 --> 00:02:52,630
So I can control click this and the control quickness.

44
00:02:54,000 --> 00:02:57,420
I'm doing my drag this window out and drag it over to the right.

45
00:02:58,620 --> 00:02:59,590
Michael, the other window.

46
00:03:02,430 --> 00:03:02,940
I'm going to do.

47
00:03:03,770 --> 00:03:04,790
It's not quite right.

48
00:03:04,820 --> 00:03:05,290
Here we go.

49
00:03:06,580 --> 00:03:07,730
But zoom out a little bit.

50
00:03:08,500 --> 00:03:09,430
Control minus.

51
00:03:11,760 --> 00:03:15,900
And it might be a little bit hard to see, but I'm going to zoom in as I'm editing this, you might

52
00:03:15,900 --> 00:03:19,200
be easier to see, but across the top you can see here what it says.

53
00:03:20,350 --> 00:03:21,310
The lieutenant says.

54
00:03:22,800 --> 00:03:27,840
Tactics are displayed across the top header attack of goals, so these are the attacker goals, the

55
00:03:27,840 --> 00:03:31,910
attack on us to get initial access, or do they want to escalate their privileges?

56
00:03:31,920 --> 00:03:34,320
Do they want to gain credential access?

57
00:03:34,830 --> 00:03:36,360
Do they want to exfiltrate data?

58
00:03:36,630 --> 00:03:37,500
Those are the tactics.

59
00:03:37,920 --> 00:03:42,320
Techniques are displayed in columns, in detail how attackers achieve these goals.

60
00:03:43,230 --> 00:03:46,280
So let's say the attacker wants to gain access.

61
00:03:46,290 --> 00:03:46,850
How do they do that?

62
00:03:47,220 --> 00:03:48,690
Or they can do a drive by compromise.

63
00:03:48,690 --> 00:03:50,730
They can exploit a public facing web application.

64
00:03:50,730 --> 00:03:51,380
They can fish.

65
00:03:52,140 --> 00:03:55,040
And of course, you can expand this and see what sub techniques are as well.

66
00:03:55,320 --> 00:03:59,340
And then, of course, if you dig a little deeper, for example, if you go in to exploit public facing

67
00:03:59,340 --> 00:04:01,260
Web application, you can get the procedures.

68
00:04:02,010 --> 00:04:07,320
And over here, I tell you, the procedures are the technical finger and keyboard commands for execution.

69
00:04:07,830 --> 00:04:09,330
And sometimes you can actually see that here.

70
00:04:09,370 --> 00:04:10,650
This tactic doesn't have that.

71
00:04:11,550 --> 00:04:12,210
I don't think.

72
00:04:15,330 --> 00:04:19,630
But some of them do so for exploiting a public web application that could be that's kind of brought

73
00:04:19,630 --> 00:04:19,920
right.

74
00:04:21,170 --> 00:04:23,120
And if we go to, like, recon, maybe.

75
00:04:24,480 --> 00:04:26,120
And we go to like act of scanning.

76
00:04:26,190 --> 00:04:27,140
Maybe there's something in here.

77
00:04:29,160 --> 00:04:31,710
They're making me a liar, you make me a liar.

78
00:04:32,090 --> 00:04:35,420
Sometimes it shows you the actual commands that were typed.

79
00:04:36,110 --> 00:04:38,380
I'm having a hard time finding an example of that right now.

80
00:04:38,390 --> 00:04:40,940
But the point of all of this was just to show you.

81
00:04:41,980 --> 00:04:45,790
That this is Wicky or this GitHub page that I built will continue.

82
00:04:45,820 --> 00:04:50,470
We have examples and data that you can use to sort of support your studies.

83
00:04:51,310 --> 00:04:53,200
And I'm building this out as we build this course.

84
00:04:54,340 --> 00:04:59,320
And you'll see very quickly that it's going to be something you're going to want to bookmark.

85
00:05:00,100 --> 00:05:05,130
OK, this is also a really good resources port Swiegers Top 10 WABAC of resources.

86
00:05:05,750 --> 00:05:07,420
And this is almost like a last top 10.

87
00:05:07,500 --> 00:05:08,220
It's that good.

88
00:05:08,270 --> 00:05:10,170
And I think it will get to that.

89
00:05:11,590 --> 00:05:13,310
Anyway, that's all I have in this lecture.

90
00:05:13,720 --> 00:05:19,250
Next one, I'm going to share my story of how I got into ethical hacking all season next year by.