Keys to the Kingdom – Gaining access to the Physical Facility through Internal Access


This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization. This is one of those occasions.

This particular pen test asked for goals-based assessment focusing on post-compromise activities — an attempt by the client to discover how vulnerable internal systems were to lateral movement by an attacker who had compromised the domain. Among the goals was a request to attempt to compromise the client’s Amazon Web Services (AWS) infrastructure and a secondary request to access and exploit any systems discovered to contain sensitive or critical operational data .

Read more…
Source: Rapid7


Sign up for our Newsletter


Related:

  • Utilities ‘Concerningly’ at Risk from Active Exploits

    June 14, 2021

    The amount of time that utility networks spend exposed to a known application exploit has spiked over the past two months — something analysts called out as a “concerning datapoint,” and an important reminder that ransomware isn’t the only threat utility networks need to secure against. A new report from WhiteHat Security measured the amount of ...

  • Open Source Vulnerabilities Converging DevOps & SecOps

    May 20, 2021

    Workplace evolution is in favor of traditional siloes being torn down and replaced with increased cross-functional collaboration, working in lockstep to deliver better outcomes. But it is not as easy as it sounds. Security and development teams have historically worked in siloes, which has created a long- standing disconnect between them. Both teams are responsible for ...

  • Lazarus covets COVID-19-related intelligence

    December 23, 2020

    As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are going after intelligence that could help these efforts by attacking entities related to COVID-19 research. While tracking the Lazarus group’s continuous campaigns targeting various ...

  • Supply Chain Attacks in the Age of Cloud Computing: Risks, Mitigations, and the Importance of Securing Back Ends

    October 26, 2020

    Security is an aspect that every enterprise needs to consider as they use and migrate to cloud-based technologies. On top of the list of resources that enterprises need to secure are networks, endpoints, and applications. However, another critical asset that enterprises should give careful security consideration to is their back-end infrastructure which, if compromised, could ...

  • Diving Into End-to-End Deep Learning for Cybersecurity

    August 21, 2020

    The application of artificial intelligence (AI) across various industries has undeniably made significant improvements in the digital era. With the capability to interpret and make complex decisions based on data, AI technologies have enabled tasks or processes to function with human-like intelligence, enhancing the speed of and innovating business operations and adding valuable user experiences. The ...

  • Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool

    July 7, 2020

    Researchers at FireEye recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from several days to several weeks. Bypassing this time-consuming step presented an opportunity for collaboration ...