
                When Good Guys Go Bad: From the Parking Lot

                Tales from the frontlines of the Secureworks® Adversary Group

                Skilled adversaries have many tricks up their sleeves to grab credentials, including mimicking trusted access points.

                In this video, Eric Escobar, Principal Consultant in the Secureworks Adversary Group, shares how, within a day, he was able to access an organization’s entire network, compromise their domain admin accounts and facilities by gaining credentials using an ‘Evil Twin’.

                Listen to the full webcast to learn more about the most common attack vectors and how to defend against them.


                I was on a particular pen test where we drove up before meeting the client and I was sitting in the parking lot of this really large manufacturing facility. I was able to crack their guest wireless password from the parking lot. I was able to create some wireless interference, and then the interference made it so that users' WiFi on their phone didn't work, the guest wireless didn't work, and I tricked them into connecting to me. And that's what disclosed their passphrase, and so I was on their guest wireless network, along with all of their other employees at that time. And I was basically able to use that level of access to further compromise other users on the network. I was able to manipulate their traffic, I was taking other people's usernames and passwords, logging in as them, and seeing what they had access to. And then ultimately from there, in about a day's time, I was able to walk through their entire network, compromise their domain admin accounts, and then also compromise all of their manufacturing facilities on three other continents.

                I could have done a number of things, so you read about ransomware in the news. I could have ransomwared every device and locked out every device, and anything in their manufacturing facility I could have turned off or kicked off the network or, in some way, shape, or form, made it so that all of their business came down to a screeching halt and hold them for ransom. I could have sat and collected all of their proprietary company information, from who their clients are, their customers, their price points. I could have stolen all that and they would have never known. The level of nefariousness goes from just somebody who's looking to make a quick buck to taking over a large Fortune 500 company. That's what it comes down to. The client absolutely loved the work. When he saw the results, he was able to take that information and say, "Hey, this is the ammunition that I need to go to the board of directors, to go to my C-level suite," and basically take what we did and let him use that to enact change throughout his organization.

                We generate around 2 billion events each month. With Secureworks, we are able to crunch down that number to 20-30 high fidelity alerts — and that makes my team's job much easier.
                Sunil Saale, Head of Cyber and Information Security, Minter Ellison
                With Secureworks Taegis ManagedXDR, I have the peace of mind that my environment is being monitored 24x7 and if a threat actor tries to attack Secureworks will alert me, quickly investigate, and collaborate to fully resolve before damage can be done.
                Jerry Ryan, VP of IT, We Florida Financial

                Why Secureworks?

                Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that protects customer progress with Secureworks® Taegis™, a cloud-native security analytics platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.
