In this blog post I’m gonna cover the in my opinion most common findings in a Windows Active Directory environment, which can be found and abused for Privilege Escalation and Lateral Movement in such a project. Here, any of the client’s systems will be examined, but also any attack techniques such as social engineering via phishing mails can be used. For such initial projects, we also recommend choosing an open scope.
This approach provides an initial overview of the most critical vulnerabilities and risks from both external and internal threats. Anything found within this period will be included in the report. This can be done with a predefined number of person-days. For customers, who have not yet carried out regular penetration tests, we recommend in the initial step to check systems on the Internet (DMZ) as well as internal systems for the most common critical attack techniques and vulnerabilities.
In the last years my team at r-tec was confronted with many different company environments, in which we had to search for vulnerabilities and misconfigurations.
The most common on premises vulnerabilities & misconfigurations | S3cur3Th1sSh1t Home About The most common on premises vulnerabilities & misconfigurations March 17, 2021
0 kommentar(er)
