How to Hack using Metasploit

kbacon5 at September 04,2016
This was an excellent video and helped me understand how stuxnet worked better. There was a very interesting documentary that came to theaters this year all about stuxnet called "Zero Days". I saw the movie in the theater but from watching this Stanford video I learned even more about how stuxnet works. I thought it was very interesting how the speaker mentioned he never heard of a threat that works on windows and plcs like stuxnet and that it understood them both in depth. Also, that the default password on the plc was never changed so that they could access the plc. In the movie and in this video they mentioned that even while it was spinning the centrifuges then making them slow down it showed on the oeprators screen that everything was working normal. It is very interesting such a sophisticated attack like stuxnet exists. In the movie "Zero Days" they said stuxnet was the tip of the iceberg when it came to secret viruses created and used by governments. If that is true it is very scary since much of our daily lives depend on technology. Great video!

BBurgess at September 08,2016
I was unaware of ALL the capabilities that the Stuxnet virus possessed. It becomes apparently that this was a large, most likely state sponsored, multi-disciplined group that conducted reconnaissance on the Iranian Nuclear program (most likely through an insider threat) or outright knew the schematics of the system, understood all the hardware and software running and wrote the code/tested the code for both the Windows computer and the Controller, and organized the distribution of the virus/worm. It makes you wonder if this type of complex attack can be done on the mass population. In many cases we all have similar setups at home and use the exact same software in many cases.

Taylorlou at November 18,2016
Every time I hear about Stuxnet it sounds like something from a movie. It's incredible and scary at the same time. One of the most unbelievable pieces to the story is that the code got past so many layers of security and then ended up at its target which had the simplest security measures in place--a default username and password. At the end of the video, I thought Mr. Nanchenberg's answer to their question, "What's your biggest fear?" was really eye-opening. I'd never thought about code affecting the hardware of a computer, but it obviously is very really capability if the attackers have the right information to do it. It is also concerning considering the Internet of Things (IoT) and how this type of code could affect items of that nature. There are so many appliances etc. that can connect to the computer and are vulnerable. For instance, just recently a Jeep was hacked into and "shut down" with an attack that wasn't nearly as sophisticated as Stuxnet. This attack is definitely still a concern for the future.

Safiyah at November 24,2016
What an interesting video! The findings revealed here about the intricacy and meticulous planning that the creators of Stuxnet must have had are indeed impressive, as the presenter said, but also a scary. As Taylorlou pointed out, the response the "biggest fear" question presented a new concern that might never have occurred to me. In the event of such an attack on hundreds of millions of devices happening, how can we protect ourselves and would we even be aware of the attack before it's already too late?

asdfaslkjadsfasdasdfas at December 03,2016
Really like the fact that he drove home the fact that this was not novel technology or techniques, it was just the combination of so many near-novel techniques that made this effort so extraordinary. I also think that it's very interesting that a lot of cyberwarfare involves exploiting things made by microsoft. It seems somewhat irrational to me that Iran was willing to spend billions on their nuclear program, but at no point it ever dawned on anybody to consider an alternative to Windows within natanz, like openBSD or some proprietary custom linux distro. I realize that this would be extremely inefficient to implement for all sensitive operations, but I feel like if you're trying to break international law to enrich uranium to build a bomb, you should splurge on minimizing your cyber security risk. Iran wasted a bunch of money.