In our previous blog posts, we demonstrated how important it is for penetration testers to get credentials that grant administrative access over hosts within the organization to escalate their permissions. This week, we will discuss a relatively recent privilege escalation technique known as Kerberoasting, which pen testers and malicious hackers can use to crack weak network service account… Read More
Category: Information Security
Navigating Clear Text Password Vulnerabilities
Accessing Clear Text Administrative Passwords In our last blog post, we showed how pen testers can use misconfigurations within Active Directory group management to escalate privileges. However, that technique is heavily dependent on having access to privileged or misconfigured accounts in the first place. This week, we discuss another finding that we frequently take advantage of… Read More
Identifying Local Admin Misconfigurations for Domain Privilege Escalation
In our previous blog, we discussed how insufficient network segmentation can be exploited by attackers and pen testers. This week, we discuss a finding that we frequently abuse during the privilege escalation phase of our penetration testing assessments, particularly for those involving public sector clients. This phase occurs after our operators have gained a foothold and… Read More
How Insufficient Network Segmentation Increases Your Security Risk
In our previous blog, we introduced our 2016 top five penetration testing lessons learned blog series. Today, in Part II of this series, we discuss our first finding: insufficient network segmentation. The Challenges of Network Segmentation Many of the clients we conduct penetration tests for are larger organizations that have thousands of hosts on a completely flat… Read More
5 External Cyber Penetration Testing Lessons Learned From 2016 Security Assessments
Every year, Delta Risk conducts hundreds of cyber security assessments, including penetration testing, for a wide range of commercial and public sector clients. Many of these organizations share similar weaknesses in their people, processes, and technology. But each assessment also presents new technical challenges for us to solve. In this five-part blog series, we’ll discuss our findings… Read More
Stop. Think. Connect. The Basic Steps for Online Safety and Security
October is National Cyber Security Awareness Month (NCSAM), which you can follow on Twitter using the hashtag #CyberAware, and we are excited to be a 2016 Champion! NCSAM was put together by the Department of Homeland Security and the National Cyber Security Alliance to help educate people on ways to improve their online safety and… Read More