Common types of exploits performed to gain access to systems.
Malware, more specifically ransomware, continues to be a significant threat. We are talking exploits.
Supply chain attacks are relatively new but continue to grow in size and frequency.
Cloud-based threats encompass a wide range of TTPs. And with so many businesses using the cloud, and cloud networks and the offered services becoming more intricate, their infrastructure has become “low-hanging fruit”.
Social engineering: phishing, spear phishing, whaling, smishing, vishing, baiting, piggybacking/tailgating, …
Insider threats: on the rise!
Mobile devices: many more infiltration opportunities than ever before.
Each cybersecurity threat is a learning opportunity, but most organisations do not have an incident strategy and incident response team. Mind you, there may be incidents that were not noticed, and have been ungoing for a loooong time already …
Attack infrastructure as code
For the best part of the last decades the undefeated champion of C2 post-exploitation frameworks was the Metasploit framework, but the default settings of the tool have been flagged by every Windows security product since 2007. Some Windows exploits are still useful, and for hacking Linux systems and older Windows systems it can still be a good choice. Silent Trinity in an attack infrastructure as code (IaC) may offer good alternatives for Windows 10+ systems, at least for now.
Attacks on physical security
Physical security plays an important role in any organisation’s security program and defensive posture. Physical security involves controlling who has physical access to the facility, the servers, network equipment, and end-user devices.
A common technique to attack a system is to use exploits. Metasploit is a tool that contains a number of exploits that are ready to use. And that is not the only way to use exploits; you can create your own or download them from an exploit database site.
Exploits that are created to leverage network-based vulnerabilities are interesting exploits because the attacks are performed across the network — an adversary does not need local access to the systems.
Network-based vulnerabilities can lead to compromise of the target operating system, privilege escalation,
or loss or degradation of service performance. Most network-based vulnerabilities can be identified with
vulnerability assessment, or by vulnerability research. The Metasploit Framework or SearchSploit can be used to validate public exploits for vulnerabilities identified during the vulnerability assessment.
Common public exploits: Name-resolution exploits; Link-Local Multicast Name Resolution (LLMNR)/NetBIOS Name Service (NBT-NS) poisoning; New Technology LAN Manager (NTLM) relay attacks; SMB exploits; SNMP exploits; SMTP exploits; to name but a few.
Local host vulnerabilities
Systems today are a variety of devices, and each type of device comes with its own list of vulnerabilities: Operating system vulnerabilities; Unsecure service and protocol configurations; Privilege escalation vulnerabilities; Default account settings; Sandbox escape possibilities; and Physical device security vulnerabilities.
Social engineering is the use of deception to try to trick a user into compromising system security through an email message, a text message, a phone call, etc. Social engineering attacks are a common way to test the effectiveness of a company’s security education program. If the engagement rules and scope of the penetration test support social engineering attacks, plan for them in the penetration test.