In our previous blog, we discussed how insufficient network segmentation can be exploited by attackers and pen testers. This week, we discuss a finding that we frequently abuse during the privilege escalation phase of our penetration testing assessments, particularly for those involving public sector clients. This phase occurs after our operators have gained a foothold and… Read More
In our previous blog, we introduced our 2016 top five penetration testing lessons learned blog series. Today, in Part II of this series, we discuss our first finding: insufficient network segmentation. The Challenges of Network Segmentation Many of the clients we conduct penetration tests for are larger organizations that have thousands of hosts on a completely flat… Read More
Every year, Delta Risk conducts hundreds of cyber security assessments, including penetration testing, for a wide range of commercial and public sector clients. Many of these organizations share similar weaknesses in their people, processes, and technology. But each assessment also presents new technical challenges for us to solve. In this five-part blog series, we’ll discuss our findings… Read More