Word Notes 8.11.20
Ep 7 | 8.11.20

credential stealing (verb)

Transcript

Rick Howard: The word is credential stealing.

Rick Howard: Definition: from the intrusion kill chain model, the first part of an exploitation technique or the hacker tricks their victims into revealing their login credentials.

Rick Howard: Example sentence: Elliot's boss got totally owned by a credential stealing attack.

Rick Howard: Context: after stealing the credentials, hackers legitimately log into the targeted system and gain access to the underlying network with the same permissions as the victim, hackers use this method 80 percent of the time compared to other ways to gain access by developing zero day exploits for known software packages. The most common way hackers steal credentials is with some version of a phishing attack.

Rick Howard: In Mr. Robot, Episode 3, Season 1, Elliott, played by Rami Malek sends his boss, an email that includes a link that takes his boss to a fake website that looks amazingly like Evilcorp's official website. Elliott created it using a software package called the Social Engineers Toolkit and a module within the toolkit called Credential Harvester. Both are real open source tools. Credential harvester automatically copies a website and then hosts the fake version of it at a hacker's specified location. Elliott's boss went to the fake website and entered his credentials to log in. Elliott collected those credentials from the fake website and use them to legitimately log into his boss's account.