In the course of a recent external penetration test, one of Secureworks' testing experts, Nate Drier, found through enumeration that a popular bug tracking software was running on a web server.
Unfortunately for the organization, they had not put this software behind a VPN, leaving it open to further enumeration of usernames. Granted, a valid password was required to go with each username, but that proved to be only a minor hurdle in infiltrating the software.
Once he was in, what Nate was able to collect on the organization could be very damaging, and it served as a lesson to the organization about putting internal tools out on the internet. Watch the video to learn more.
We were doing an external penetration test for our client, and through the course of enumeration we found they had this really popular bug track software installed on one of their web servers, and there is a function of the software that lets you enumerate usernames without being logged in. So the rest of the software is password protected before you can log in and submit tickets, so you had to know valid usernames and passwords, but you could enumerate usernames as anyone on the internet. So using some off-the-shelf tools we were able to enumerate over one thousand usernames.
Once we had a list of usernames we just tried passwords like password1 and, lo and behold, it led us into one of the accounts. So now we were able to log into this bug tracking software and view tickets; we were able to gain additional usernames and passwords, look at code snippets and see all sorts of other internal information. So in general, with things pushed out to the internet, if those don't need to be customer facing, it's best to put those behind a VPN. That way, in this case, we wouldn't have been able to access the portions that application needed to enumerate usernames in the first place.
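The pattern described in the transcript (many usernames looked up without authentication, then a guessed password tried across them) leaves a recognizable trace in server logs. The Python sketch below is an added example, not part of the original page or the engagement; the log format, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
# Constructed sample events (not from the engagement). Assumed format:
# "<epoch> <src_ip> <action> <username> <result>", where action is
# "lookup" (unauthenticated user lookup) or "login".
def _sample():
    lines = []
    # One source walks 40 usernames via the unauthenticated lookup, then
    # tries a single password against each; user17 has the weak password.
    for i in range(40):
        lines.append(f"{1000 + i} 203.0.113.7 lookup user{i} ok")
    for i in range(40):
        res = "success" if i == 17 else "fail"
        lines.append(f"{2000 + i} 203.0.113.7 login user{i} {res}")
    # A normal user who mistypes a password twice, then logs in.
    lines += ["2100 198.51.100.20 login alice fail",
              "2101 198.51.100.20 login alice fail",
              "2102 198.51.100.20 login alice success"]
    return lines

SAMPLE_LOG = _sample()

def analyze(lines, min_users=20, max_tries_per_user=2):
    """Flag sources that touch many distinct accounts with few tries each."""
    lookups = defaultdict(set)                      # ip -> usernames looked up
    tries = defaultdict(lambda: defaultdict(int))   # ip -> user -> attempts
    wins = defaultdict(set)                         # ip -> users logged in as
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue                                # skip malformed lines
        _, ip, action, user, result = parts
        if action == "lookup":
            lookups[ip].add(user)
        elif action == "login":
            tries[ip][user] += 1
            if result == "success":
                wins[ip].add(user)
    findings = {}
    for ip in set(lookups) | set(tries):
        per_user = tries[ip]
        spray = (len(per_user) >= min_users and
                 max(per_user.values()) <= max_tries_per_user)
        enum = len(lookups[ip]) >= min_users
        if enum or spray:
            # Accounts to reset first: sprayed logins that succeeded.
            findings[ip] = {"enumeration": enum, "spray": spray,
                            "compromised": sorted(wins[ip]) if spray else []}
    return findings
if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A per-account lockout counter alone would not fire on this sample, because no single account sees more than one failed attempt; the signal is the number of distinct accounts touched from one source.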