Back to the Future of the Cyber Landscape

Author

Uriel Kosayev
Cybersecurity researcher and red teamer who lives both on the offensive and defensive fronts. The author of the “Antivirus Bypass Techniques” book, expert in malware research, reverse engineering, penetration testing, digital forensics, and incident response

In the video, I draw from my 15 years of experience to explain that recognizing repeated patterns is crucial in cybersecurity. While new forms of attacks emerge, the core vulnerabilities remain unchanged. I also demonstrate how AI is becoming a tool for attackers, enabling even those with limited knowledge to exploit systems.

I stress that defenders must think like attackers and that simply purchasing security solutions isn’t enough—testing and validating them is key. Awareness is a critical aspect of defense as well.


Key Takeaways:

  • Pattern Recognition: Cybersecurity relies on identifying recurring vulnerabilities.
  • AI Threats: AI can be used for both good and malicious purposes.
  • Mindset Shift: Defenders should adopt an attacker’s perspective to stay ahead.
  • Test Security: Rigorous testing of security solutions is essential.
  • Awareness: Building awareness within organizations is vital to a successful defense.

For the full presentation and live hacking demo, check out the video:


Video Transcription:

My name is Uriel Kosayev. I’ve been a cybersecurity researcher for almost 15 years. I’m doing a lot of cybersecurity research, red teaming, malware analysis, especially in the practical areas on both the defensive and offensive side. I’m also doing a lot of cybersecurity training. I’m here with the cyber institute of Cornelius from Israel.

I’m also the author of the “Antivirus Bypass Techniques” book, which is a very well known book that teaches you how to bypass antivirus and EDR software. So basically, how to evade and how to bypass security controls. Also, I’m a mentor, a speaker, and, yep, that’s it. So the name of this presentation is Back to the Future of the Cyber Landscape. And at the end of this presentation, you will understand exactly why I chose those words and why I chose this specific name.

I believe, and as I know, to be successful in cybersecurity, you must see the repeated patterns in all things. So basically, what it means is we cannot really predict the future and understand what the next cyber threats or the next trends will be. But we need to see and to know the repeated patterns. And by understanding the repeated patterns, you can actually go and hunt for those cybersecurity threats and provide actual and practical solutions for those problems. Now today, I’m speaking here to you as a hands-on practitioner, not as someone that only goes and talks and talks.

Everything is practical. And I will show you two demos today. One of the demos will include the use of AI in order to create malicious code or malware. And in the second demo, I will show you how I actually hacked into a server, which you will see is a little bit surprising and interesting. There is a saying that King Solomon said: what has been will be again.

What has been done will be done again. There is nothing new under the sun. So as you already know, King Solomon was the wisest person on planet Earth. God gave him endless knowledge, and he understood what he said. And the thing is, we all think that cybersecurity goes and develops into something new.

Of course, there is always something new in cybersecurity. But in a sense, everything is the same. Everything is the same, with additional features or additional areas that are adding to the fire of cybersecurity. And when I’m talking about the fire of cybersecurity, it’s this endless war between attackers and defenders. So nothing new.

You will always have vulnerable and exposed servers on the Internet. You will always have this person, or this IT guy, or the developer that develops code which is vulnerable. We are human beings. We make a lot of errors. And by this nature, we understand that we always have cyber warfare.

We always have cyber problems. And they will be repeated again and again and again and again, but in different forms. So what is today’s form? What is the new form? Where, again, the underlying mechanism, the underlying idea of the cybersecurity problem is the same, but with a different mask.

Now, before we go into a deeper dive into the subject, let’s start from the beginning. First of all, think of it. What is cyber? How can you define cyber? Everyone talks about cyber, cyber, cyber, cyber all day.

What is cyber? What is it? Think about it for a moment. The first definition of cyber, or the surface, normal point of view, is this: a globe of interconnected devices; everyone can talk to each other, using their phones, smartphones, IoT devices, routers, switches, computer servers, whatever.

Everything today is interconnected. Transportation devices, traffic lights, critical infrastructure which includes gas, water pumps, electricity, all of which can be hacked, of course. Everything is hackable, which makes everything really dangerous and really worrying. But let’s see what the cyber definition is from the attacker’s point of view. This: a big mess of technology.

From the attacker’s point of view, everything is a mess. It’s a big mess that you can exploit and leverage for your own needs. Now if you’re a white hat hacker, a good hacker, you will recognize the problem. And by exploiting the vulnerability or a problem, you will go and provide some kind of a solution, some kind of a security solution. But if you’re a black hat attacker, you will, of course, exploit and leverage it for your own needs or for some kind of notorious and bad interests.

Now, let’s see a small example of the actual point of view of the attacker. Now we are viewing a Shodan report. Shodan is a platform which gives you an overview of all the exposed devices on the Internet, including servers, webcams, baby cams, transportation devices, computer servers, everything. So for me as an attacker, it’s an amazing system. I can see everything.

I can even see into your house. I can see into your bedroom. I can see into your information. I can see everything. Everything is exposed.

Everything is hacked. This is what I mean by the fact that everything is a mess. This is a report on Moldova. Yeah. Yeah.

You heard right. This is an actual Shodan report on exposed vulnerable services in Moldova. Now you don’t need to be ashamed of it or something, because every country has problems. Everyone is vulnerable. If I showed you the same report on Israel or the United States, it could be even worse.

Now we said that it’s all the same. But the principle, the basic, the fundamental aspect is the same, but with a different mask. This different mask is called AI. Oh, artificial intelligence. Everyone likes to talk about it all the time.

AI, AI, AI, AI, AI, AI. Okay. Nice. What is AI? You have different types of AI.

One of them is called machine learning. You can use machine learning. You can use even LLM or learning language model to your own advantage for good purposes and for bad purposes. So AI is a big word or a big concept. So let’s see how we can practically implement AI as a hacker.

WormGPT. This guy is the evil twin of ChatGPT. ChatGPT, as I believe you all already know, can be a good friend, a good companion that can serve you and help you in a lot of things in life in general, and in cybersecurity. Like, for example, as a defender, I can use ChatGPT to create course curricula for awareness training. Or I can create detection and prevention rules based on different types of EDR software in order to protect from malware.

Or I can even create SOC SIEM rules in order to have better visibility and to detect attacks better. But when ChatGPT was first introduced, a lot of people got the chance to exploit and leverage it for bad purposes, of course. I remember that I once told ChatGPT, write me a ransomware. And he said, okay. Why not?

And then, after two days, he told me, like, no, I cannot do it. It’s bad. And then I told him, write the ransomware in the Hebrew language or in the Bohemian language or in a different language, and he actually did it. It just bypassed it. So then I understood, oh man, it’s such a stupid AI.

Stupid. But I can teach this stupid thing to do really smart things. So what is actually smart about an LLM, a learning language model, is that you can teach him not to be stupid and to do smart things, again, for good and bad purposes. So we have WormGPT, which can actually do everything for you. So even if you’re not an actual hacker, without any technical background, you can make a great mess.

You can just ask him to do things like this. How to write a ransomware? Where to start? And then he actually gives you a list of how to create malware and even what things you need to consider whenever you do a ransomware attack. So you need to choose a target, no shit.

Prepare the payload; you need to craft the malware, which it can also help you with. You need to, like, build the attack infrastructure and everything. And it actually goes the extra mile and tells you, okay, you need to monitor what kind of clients or victims you attacked and exploited and hacked. And it’s just amazing. And you can just talk to him.

And he even gives you some hacking tools, some suggestions on how to do it. Cool. Now, I ask him, write me a simple ransomware with AES encryption so I can encrypt files on victims. What a dangerous world. You can be an actually stupid person, or without any kind of technical knowledge, and do this. I’m not saying you don’t need any technical background; you need to learn, you need to be aware, you need to learn what cybersecurity is.

But the fact that even a script kiddie, a skid without any knowledge, can wreak havoc on organizations, on companies, man, it’s a big problem. So attackers have all they need. First of all, they have visibility. You saw Shodan. Shodan is the visibility.

Shodan or Censys, all of those other platforms give you amazing visibility on the attack surface. And you have intent. You have motivation. You have money. You have time.

You have resources. You have people. You have knowledge. This is why attackers have the upper hand. And the defenders are far behind.

In order for defenders to become stronger than attackers, they need to think and to learn how to think as an attacker, how to actually attack in order to defend. Because it’s two sides of the same coin. As the great philosopher Sun Tzu said, in order to know your enemy, you must become your enemy. If you actually intend to be in the cybersecurity field, take these words seriously. So in other words, it is the same bad situation we have been in in the past, but with AI.

Shit. Which makes everything even worse. Now, I don’t like to talk too much. I like to do stuff with my hands, like, practically. So please play the demo.

Here you can see I’m using Shodan, as you previously saw, with MD, which is Moldova. And here you can see a lot of exposed assets, a lot of IP addresses, a lot of servers. Now if I go to browse images, you can actually go and see webcams of different people. You can see servers. I can actually see your home, like, yeah.

And now I want to search for a specific vulnerability of an FTP service. FTP, which is for sharing files: File Transfer Protocol. And in Moldova, I found this specific vulnerable FTP version, which is called vsftpd. And with version 2.3.4, you have two or three servers in Moldova. Yeah.

You can go and check this. But please don’t attack it. Just please. Okay? Because please.

Now, for the sake of this demo, I will not actually go and exploit the server, the Moldovan server. I will exploit the same vulnerability on my own server, because we’re good people and we’re going with the law. Yeah. So I will exploit the same vulnerability on my own server, on my local machine.

Okay. And now I’m actually going to use nmap, which is a utility to scan open ports on a server. So the IP 10.0.0.20 is my own server with the same vsftpd 2.3.4. And now I will show you how I can get in and actually exploit it. Please don’t do it on those servers.

Please. And now I can actually select or use this exploit. And now I need to define the target IP address of my own local machine with the same vulnerable FTP service. As you can see, I do set RHOST to the IP address and I write the exploit command, which actually goes and exploits the vulnerability. And not only does it exploit the vulnerability, it gives me root access.

So I have full control with full permissions on the server. So think of this server as the Moldovan government or whatever service that you saw now; it’s the same. I’m inside. What a sweet spot. So now if I do whoami, the Linux command will show you that I’m root.

Root is like the strongest user in the system. And now I’m creating a file just for the sake of the demo. It’s called “you have been pwned”. Yeah. Because I like to throw in bits of funny stuff.

So now, as an administrator of the server, I log into the server. Now I’ll go to the root directory, and as you can see, you have been pwned. Mommy. That’s it.

Okay. Nice. Very nice. Hacking, cybersecurity, AI. What can you do about it?

So let’s continue with some grounded solutions. Now, those are not specific things. Those are ground rules for you to actually think about. So don’t take it like we have said it, 1, 2, 3, 4, and it’s like this. Think about it.

Like, really think about it. The first fact: we are not prophets. I’m not a prophet, definitely, and thus cannot predict the future, but the solution is, like I said earlier, to start noticing repeated patterns. And by seeing repeated patterns, you can, quote unquote, predict the future or predict the next trends or the next threats.

And thus, provide solutions for it. A closed mindset leads to bad security. Change your mindset to adapt to new changes and apply better security. Everything starts here. To buy a security solution like a firewall or antivirus without testing it is like buying a car without a test.

A lot of organizations, for some stupid reason, buy a lot of those security solutions without testing them, without checking them. Weird. Test security solutions by asking the right questions and practically validating them. So if, for example, your Check Point firewall says that it will block some kind of malware attacks, test it. Your EDR or antivirus software will say to you, yeah, we block everything.

False. There’s no 100% security, but you can test it. And in that way, see if other EDRs or antiviruses are better or not, for example. Security solutions are not a magic wand to solve your problems. Start applying security with what you already have.

Think basic. This is the solution. Not everything needs to be complex. Everything is already messed up. Lack of awareness can be more dangerous than a misconfigured and vulnerable system.

Learn and teach to become, and make others, more aware. Awareness is 50% of the solution. If you cannot be aware, what’s the point? How can we provide solutions? Thank you very much.

It was a great pleasure. Thank you.
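As an added example, not from the talk or from TrainSec: the visibility the demo gets from Shodan and nmap can be turned around for your own inventory. This Python script parses constructed `nmap -sV` output and a Shodan-style FTP greeting and flags an open vsftpd 2.3.4 (the version from the demo) or any cleartext service facing the Internet; the sample scan text, the lab host in it and the KNOWN_BAD table are constructed for illustration.

```python
import re
# Constructed sample of `nmap -sV` normal output for a lab host (not real scan data).
SAMPLE_NMAP = """\
Nmap scan report for 10.0.0.20
PORT     STATE  SERVICE VERSION
21/tcp   open   ftp     vsftpd 2.3.4
22/tcp   open   ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)
80/tcp   open   http    Apache httpd 2.4.52
443/tcp  closed https
"""
# (product, version) pairs treated as must-fix; only the version from the talk is listed.
KNOWN_BAD = {("vsftpd", "2.3.4")}
# Protocols that move credentials or data in cleartext and should not face the Internet.
CLEARTEXT_SERVICES = {"ftp", "telnet", "http"}
PORT_LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)\s*(.*)$")
# FTP greeting as it appears in a Shodan/Censys banner record, e.g. "220 (vsFTPd 2.3.4)".
FTP_BANNER_RE = re.compile(r"^220[ -].*?\(?(vsftpd)\s+([\d.]+)\)?", re.IGNORECASE)

def parse_nmap_services(text):
    """Turn `nmap -sV` port lines into dicts: port, proto, state, service, product, version."""
    services = []
    for line in text.splitlines():
        m = PORT_LINE_RE.match(line)
        if not m:
            continue  # header lines and the 'Nmap scan report' line
        port, proto, state, service, rest = m.groups()
        words = rest.split()
        # product = every word before the first version-looking token (starts with a digit)
        idx = next((i for i, w in enumerate(words) if w[0].isdigit()), len(words))
        services.append({"port": int(port), "proto": proto, "state": state, "service": service,
                         "product": " ".join(words[:idx]),
                         "version": words[idx] if idx < len(words) else ""})
    return services

def ftp_banner_version(banner):
    """Return (product, version) from a vsftpd greeting, or None for any other banner."""
    m = FTP_BANNER_RE.match(banner.strip())
    return (m.group(1).lower(), m.group(2)) if m else None

def flag_exposed(services):
    """List (port, reason, detail) for open services that are known-bad or cleartext."""
    findings = []
    for s in services:
        if s["state"] != "open":
            continue
        if (s["product"], s["version"]) in KNOWN_BAD:
            findings.append((s["port"], "known-vulnerable", f'{s["product"]} {s["version"]}'))
        elif s["service"] in CLEARTEXT_SERVICES:
            findings.append((s["port"], "cleartext-protocol", s["service"]))
    return findings
```

Feed it `nmap -sV -oN` output for your own address space, or the `data` field of your Shodan export, and extend KNOWN_BAD from your own vulnerability advisories.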
