Play by Play: Ethical Hacking - Deconstructing the Hack

In this Play by Play, we talk through a number of real world hacking incidents that align to courses within the Ethical Hacking series. We don't just talk, we take these incidents and explore the mechanics of how the underlying risks are exploited.
Course info
Rating
(50)
Level
Beginner
Updated
Sep 26, 2016
Duration
1h 29m
Description

Attacks against information systems have become the established norm for online assets these days. Hacktivists, career criminals, and nation states are all actively compromising our systems with unprecedented regularity, but for many technology professionals, the risks to them remain hypothetical; they hear about these incidents on the news but don't get exposure to how the attacks are actually executed. In this Play by Play, we talk through a number of real world hacking incidents that align to courses within the Ethical Hacking series. But we don't just talk, we take these incidents and explore the mechanics of how the underlying risks are actually exploited. It's a real world, very practical look at the state of online security as we deconstruct the hacks.

About the author

Gary Eimerman is VP of IT Pro Content at Pluralsight. He brought his expertise over from TrainSignal, where he spent eight years helping to grow the company into the leader in online IT training.

About the author

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.

Section Introduction Transcripts

Course Overview
Welcome to this Play by Play with Pluralsight. A Play by Play is a course where we sit down with an expert and take on a technical challenge in real time. In this Play by Play, we sit down with security expert Troy Hunt to discuss some of the highest profile hacks in recent history, including TalkTalk, Ashley Madison, Sony Pictures, and Nissan. We discuss the hacks, we explore the mechanics of how these exploits happened, and discuss ways that we as security professionals, developers, and admins can mitigate these risks in our own environments. This course is the perfect supplement to Pluralsight's Ethical Hacking series where you can dive deeper into each of the topics we discuss. Whether it be criminal, in capital gains, or hacktivism, our apps, networks, and data are under attack. Join us as we learn from the misfortunes of others to help improve our own safety in this digital world.

Distributed Denial of Services (DDoS): Nissan
We've got one more hack here today and I know, as a car guy, this one's got a little special, for you because it is Nissan. Yeah, or as we would say Nissan. So let's have a little talk about what happened with Nissan earlier on in 2016. So the situation with Nissan and we might talk about a couple of Nissan related security things, now that I think about it. The one I wanted to start with here was around Nissan getting a distributed denial of service attack by Anonymous earlier on in the year. You know Anonymous is this sort of, it's a very loose term these days, because anyone can say, "Hey, we're Anonymous." So who knows who it really was. But this group that was allegedly Anonymous, decided to DDoS Nissan in January 2016. And in fact, I'll ask you, this is sort of an interesting question and it speaks to the motives of hacktivists sometimes, why do you think hacktivists would want to DDoS Nissan? That's a great question. What does Nissan do that is so wrong, that is so recalcitrant that you would want to DDoS them? Someone had a bad experience at their local dealer? I don't know. Well this is Anonymous right? It's a collective of people. So they DDoSed Nissan because of the whales. Okay. (Laughing) Bear with me, so Nissan is Japanese, alright. And Japan still has whaling, which many of us would like to see ended. Obviously Anonymous in particular would like to see ended and they thought, "The way we're going to do that, is we are going to DDoS a Japanese company and that will stop the whaling." The only thing that has stopped since the DDoS, is the DDoS itself, which didn't go on for very long. Because ultimately a DDoS does tend to be a little bit of a short term thing. It's this attack that comes on, defenses are laid over and then everyone moves on and gets on with their jobs and there's some amount of traffic that's lost in the interim.