1
00:00:00,000 --> 00:00:04,480
Now believe it or not, the purpose of this skill was not to go through and just completely

2
00:00:04,480 --> 00:00:10,680
wreck house and explain how to exploit memory vulnerabilities. It was actually to go through

3
00:00:10,680 --> 00:00:16,200
and fix them. And I'm going to point out to you one of the easiest ways to be able to

4
00:00:16,200 --> 00:00:21,680
do that by swapping over here real quick and showing you Windows Update. And that's right,

5
00:00:21,680 --> 00:00:27,160
Windows Update does a lot of this vulnerability patching that we've been discovering on this

6
00:00:27,160 --> 00:00:31,559
targeted system. Now I'm not going to do it because that would mess up the lab template

7
00:00:31,559 --> 00:00:37,000
here. But I would highly encourage you to go through and apply updates to your system

8
00:00:37,000 --> 00:00:42,639
inside the lab environment. I know it would take a bit. And then run another vulnerability

9
00:00:42,639 --> 00:00:49,680
assessment from Meterpreter inside of msfconsole. More specifically, msfconsole using

10
00:00:49,680 --> 00:00:56,119
that exploit search that we went over previously in the skill. Now you may be wondering, does

11
00:00:56,119 --> 00:01:01,520
this take care of all the memory exploits? And absolutely not. And the reason for that

12
00:01:01,520 --> 00:01:06,239
is because there's going to be third party programs on a particular system that don't

13
00:01:06,239 --> 00:01:13,160
necessarily belong to Microsoft. A lot of those programs like Adobe's guilty of it a

14
00:01:13,160 --> 00:01:18,519
good bit where they'll have vulnerabilities pop up out of nowhere. Some of them are even

15
00:01:18,519 --> 00:01:25,080
zero day pop ups. And that's unfortunate because zero days, as we know, don't have

16
00:01:25,080 --> 00:01:32,400
a known fix for them or at least publicly. Now in order to really go through and do this

17
00:01:32,400 --> 00:01:38,120
and find where the exploits are, that's what pen testers are for. And that's why we're

18
00:01:38,120 --> 00:01:43,879
here. So it's not necessarily that we go through and exploit every vulnerability that we find.

19
00:01:43,879 --> 00:01:48,239
We just make note of it. So in the previous instance of this skill, we would just make

20
00:01:48,239 --> 00:01:54,040
a note saying, first of all, we were able to exploit it just for connection purposes.

21
00:01:54,040 --> 00:01:59,120
If you go through the CVE notes that we read linked above, you would also see that there's

22
00:01:59,120 --> 00:02:08,320
a possibility of administrative privilege escalation. Now we would note for our report

23
00:02:08,320 --> 00:02:13,039
that we were not able to do that in this particular instance. And that's a good thing. So that

24
00:02:13,039 --> 00:02:17,679
means that other controls are put into place that prevent that. But the connection was

25
00:02:17,679 --> 00:02:23,720
still there, causing more problems later on. So it could be that a hacker has gotten

26
00:02:23,720 --> 00:02:29,039
into the system, uses that particular exploit, says, I'm not able to elevate permissions

27
00:02:29,039 --> 00:02:34,559
the way I wanted to. So they go through and do another vulnerability assessment and then

28
00:02:34,559 --> 00:02:39,759
go through and find a way to get into the actual administrative side of the house on

29
00:02:39,759 --> 00:02:47,119
your target system. Now there's a whole lot of what if in this scenario, but that's what

30
00:02:47,119 --> 00:02:52,720
we pen testers are here for. And again, one of the easiest and quickest fixes to be able

31
00:02:52,720 --> 00:02:59,360
to fix memory exploits is making sure that we do Windows updates and also apply applicable

32
00:02:59,360 --> 00:03:05,960
updates to the targeted pieces of third party software that our organization may utilize.

33
00:03:05,960 --> 00:03:09,779
Now I do want to kind of pick on you programmers out there a little bit because I'm guilty

34
00:03:09,779 --> 00:03:16,880
of this too, that when we do create our programs, that we make sure that we do input validation,

35
00:03:17,759 --> 00:03:22,479
and all this other great stuff. Because we've seen the code examples above where we get to have

36
00:03:23,360 --> 00:03:29,440
potential memory overflow problems and memory exploitation problems. And that's essentially

37
00:03:29,440 --> 00:03:36,960
what happened against notepad.exe in our example from the skill. So it's imperative to go through

38
00:03:36,960 --> 00:03:44,800
and actually make sure that we have somebody troubleshoot and stress test the code that

39
00:03:44,800 --> 00:03:50,160
we're developing for our programs. But remember, it's all about the patching,

40
00:03:50,160 --> 00:03:55,199
all about the pen testing going behind them. And the security technicians can do this too.

41
00:03:55,199 --> 00:04:00,800
It's just that pen testers are a neutral third party that can come in and give an unbiased

42
00:04:00,800 --> 00:04:03,679
report based on their actual findings.
