Sample Penetration Test Report PurpleSec
Yüklə 1,24 Mb. Pdf görüntüsü
|
|
5.0
Conclusions 5.1 Most Likely Compromise Scenarios An attacker would most likely start an attack against CLEINT with social engineering techniques. (this is the most successful type of attack) and given that ETERNALBLUE is easily exploited, this is the most likely compromise of the entire system. Attacking the McAfee Security Server would be an ideal first target; once an attacker has attained root access to this system, they can disable all the security controls and systems in place, allowing for much more evasive traversal of the internal network, as well as potentially creating more targets without the hindrance of the security systems. From here, the ideal goals of an attacker would be data exfiltration of ePHI, Personally Identifiable Information (PII) and PCI data - for purposes of fraud, ransom, targeted phishing, sale, etc. - and any payment information that may be available for similar purposes. An adversary would attempt to access to the Domain Controllers to help facilitate network traversal and further compromise of security controls and monitoring systems. With Domain access, complete infrastructure compromise is likely; with this level of access an attacker presents numerous serious security risks to critical and confidential information systems. Internet facing assets at CLIENT have little to no interactivity and so pose less of a threat to intrusion through these systems. However, the systems are vulnerable to Man-in-the-middle (MITM) type attacks which could be utilized by an attacker to gain access to private communications and potentially steal passwords to gain further access into the network. 5.2 Implications Based on the above testing activities, the average risk level across the board is EXTREME Complete system compromise is trivially achieved on critical security and file servers, systems that contain myriad important and confidential files which, if breached, can put CLIENT at great risk to large fines and significant business impact. Disable SMB on any system that does not require it for business functionality. Even with recent patches, Windows systems using SMB remain vulnerable to ETERNALBLUE type exploits so long as the service is running. System hardening needs to be implemented immediately to shrink the risk landscape of the infrastructure. Controls and configurations should be centrally managed; management and security systems such as the McAfee server should be secured using |