Subscribe to the CyberThreatPOV Podcast

Episode 8: Hackers: How we get in and how to stop us

In this episode Brad and Spencer discuss the THREE primary ways we gain initial access on penetration tests and how to stop us! The moral of this story is that these are attack vectors we see adversaries using day in and day out to compromise organizations. We hope this episode helps you track down and close those gaps in your own environments.

I. Password Management and Strong Passwords
– Benefits of password managers in corporate settings
– User-friendliness
– Security
– Affordability
– Importance of strong passwords to prevent hacking and financial loss
– Inability to copy and paste passwords on some websites

II. Web Application Exploits
– Input validation issues in small vendor applications and homegrown applications
– SQL injection attacks
– Gaining admin privileges
– Lateral movement within a system
– Automation tools for discovering vulnerabilities (e.g., Burp, sqlmap)
– Cross-site scripting (XSS)
– Using XSS for initial access
– Exploiting XSS for lateral movement
– Prevalence and impact of web application attacks
– Risks posed to organizations

III. Phishing
– Multiple purposes of phishing
– Bypassing controls to deliver payloads
– Assessing user behavior
– Establishing command and control
– Cost-effectiveness of phishing against mature organizations
– Recommendations for email defense configuration and evaluation
– Testing tools for passwords, email filters, and scanning (e.g., Burp, ZAP)
– Importance of sharing the episode and accessing the blog

IV. Vulnerability Scanning and Bug Scanners
– Tools available for vulnerability scanning (OWASP ZAP, Veracode)
– Free bug scanners and training resources (e.g., Burp Academy, OWASP)
– Discussion on input validation and known vulnerabilities
– Phishing as a successful method but not commonly used in offensive operations
– Cost-effectiveness of reviewing and assessing current tech stack for email security

V. Securing User Accounts
– Getting rid of unnecessary items that pose security risks (e.g., multiple logins)
– Importance of knowing and managing external footprint for security
– Significance of asset management and change management
– Implementation of multi-factor authentication (MFA)
– Monitoring for successful password attacks
– Importance of user education
– Avoiding password reuse and using company email on third-party sites

VI. Successful Credential Attacks
– Overview of credential attacks
– Focus on credential stuffing and password spraying techniques
– Exploiting predictable human password behavior
– Examples of common passwords used
– Utilizing scraped websites and geographic relevance for password guessing
– Importance of strong password education and management
– Recommendation for password management tools (e.g., LastPass, KeePass)
– Inconvenience of long and complex passwords, including copy-paste limitations

VII. Introduction of Hosts and Offensive Security Group
– Background information about the hosts
– Discussion on hackers and their methods of initial access
– Identification of three successful methods of initial access
– Use of credential attacks, particularly credential stuffing
– Utilizing compromised credentials found on the dark web
– Recommendation to enable MFA on all public-facing resources for prevention

If you’re on the go, listen here or on your favorite podcast app: https://www.buzzsprout.com/1731753/11116578

Blog: https://offsec.blog/
YouTube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com