Hello and welcome to this course where we're talking about Python for initial access. In this video, we're going to introduce the initial access tactic of the MITRE ATT&CK framework, and so initial access is the point in the MITRE ATTA&CK framework where an attack transitions from planning to execution. In the pre- attack framework, we're mainly in the planning and preparation stages where performing reconnaissance and developing the resources will need to exploit a vulnerability that we identified during reconnaissance. When we move to initial access, we're taking our first step where we are intentionally, maliciously interacting with an organization's network or systems by exploiting a vulnerability discovered during pre-attack, and depending on how we performed reconnaissance, this might be the first time that the attacker interacts with the target network at all, let alone interacting only with malicious intent. It's important to note that the lines between the MITRE ATT&CK stages or tactics can become very blurred at this point in the MITRE ATT&CK framework. For example, if you're performing an SQL injection attack to determine if a particular system is vulnerable to SQL injection, you could be covering reconnaissance because you're performing a test. Initial access because that attack could provide access to the target system and also later Tactics in the framework such as Data exfiltration, but we're going to try to focus primarily on techniques that are designed to provide that initial foothold on the target system. So there's actually a variety of different techniques by which an attacker can achieve this initial access there is Drive-by Compromise using a malicious website, there's Exploitation of a Public- Facing application, perhaps through SQL injection, taking advantage of External Remote Services like VPNs, RDP, etc. Making modifications to hardware used by the organization, Phishing attacks that send malicious links or attachments to a target, Replication Through Removable Media, so a weaponized USB thumb drive, external hard drive, etc. Compromise of a software, hardware supply chain. So injecting malicious code into applications used and trusted by an organization, exploiting a trusted relationship, such as a Vendor's Access to an organization's network, and then finally, taking advantage of valid accounts on the system. So Python code can be applied to several of the different techniques that fall under the initial access tactic. Many of these attack vectors can be automated at some level, including with Python code. In this course, we're going to be demonstrating to applications of Python for initial access. We're going to be taking a look at the valid accounts technique and using Python for the Sub technique of default account discovery. Additionally, we'll take a look at the Replication Through Removable media technique and investigate how we can use Python with AutoRun scripts on a weaponized USB, and so in the next video, we'll start out with an introduction to Valid Accounts. Thank you.
