This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization.
This is one of those occasions.
This particular pen test asked for goals-based assessment focusing on post-compromise activities — an attempt by the client to discover how vulnerable internal systems were to lateral movement by an attacker who had compromised the domain. Among the goals was a request to attempt to compromise the client’s Amazon Web Services (AWS) infrastructure and a secondary request to access and exploit any systems discovered to contain sensitive or critical operational data .
The domain for the internal environment was compromised within an hour and a half using common attack vectors: Responder network poisoning to obtain low-level network credentials followed by exploitation of Active Directory Certificate Services (ADCS) web enrollment vulnerabilities to escalate to a member of the ‘Domain Administrators’ group. While performing credential-stuffing attacks against several devices within the network to determine what previously compromised user accounts could access, it was noted that the testing device could access subnets containing user devices due to a lack of segmentation and access control policies. These configurations are known to provide additional layers of security to the network which can help to mitigate damage after compromises by preventing attacker movement to sensitive resources within the network .
Upon initially attempting to access the company’s confidential Google Suite resources, it was found that all requests redirected to a required Multi-Factor Authentication (MFA) request. Additionally, Remote Desktop Protocol (RDP) services had been properly secured, preventing sessions from the network of the attacking device.
Devices within the user environment were accessed through use of a common suite of testing tools which aid penetration testers in testing Windows environments and connecting to devices wi ..
Support the originator by clicking the read the rest link below.
