How Hackers Hack Companies With Microsoft Office - YouTube

Channel: unknown

[0]
Ever found yourself wondering how it is
[1]
that hackers get into company networks?
[3]
Well, I'm going to show you one of the
[4]
simple but very common techniques. You're
[6]
probably familiar with Microsoft Word,
[7]
but did you know a Microsoft Word
[8]
document can run
[9]
code? For example, I wrote one here that
[11]
will just open a message box saying
[13]
"You've been hacked."
[14]
Now, you might notice I had to click
[15]
"Enable Content" to run the code. So how
[17]
would we get a user to do this?
[19]
Set a nice Microsoft blue background. I'm
[21]
going to add the Windows Security logo,
[23]
and then I'm going to make a convincing
[25]
message telling the user they need to
[26]
click the button.
[28]
I'll add a screenshot as well, just for
[29]
example. Final product looks fairly
[31]
convincing. So now it's time for some
[32]
real malicious code. For my example I'm
[34]
using a PowerShell script. It'll download
[35]
and run some malware that'll give me
[36]
full access to the computer. In the real
[38]
world we'd probably disguise this as an
[40]
email containing a financial invoice so
[41]
that they would download and open the
[43]
document. For demonstration purposes, the
[45]
system on the left is the company
[46]
computer and the system on the right is
[48]
the hacker.
[48]
I'm not sure about a fake company
[50]
computer having a light-up keyboard, but
[51]
whatever.
[52]
I'm using reverse VNC software so that
[54]
the company computer will connect to
[55]
mine. That way we don't have to worry
[57]
about the firewall.
[58]
Moment of truth: let's click "Enable
[60]
Content". As you can see from the window
[62]
flash, our malware has run
[64]
and it's now connected to the hacker
[65]
system. We basically have full control
[67]
over the company computer. We can see
[69]
whatever is on the screen and even move
[71]
windows around, like so.
[73]
This is actually one of the most common
[74]
ways hackers get into company systems,
[76]
so if you see that "Enable Content"
[78]
warning, don't click it.