Motivated attackers do not stand still in their attempts to compromise your network, and neither should your approach to testing your security program. How can you stay ahead and outmanoeuvre the adversaries?
In this video, Jared McLaren, Secureworks Technical Lead for Application Security Testing, discusses the strengths of combining security tests to drive new insights for improvements.
Listen to the full webcast to learn more about the most common attack vectors and how to defend against them.
So this engagement started off with the network team performing an external penetration test of a large financial client. They're a pretty secure client. The networking team had worked really hard to find issues and there weren't really any major vulnerabilities out there. Everything was patched, everything looked great. So we started taking a focus on a teleconferencing server that the client had in their environment. The networking team did a great job, they actually found a new vulnerability that allowed them to enumerate user names off this teleconferencing system. And then the next thing you do in an external penetration test is you start password spraying based on those usernames. So you know, you look for weak passwords like password123, changeme, spring2019, things like that.
So after bouncing through these user names and a password spray they got authenticated access. And from that point forward handed it off to me and the application team to look at this application from an authenticated perspective. And there was some interesting stuff there. We saw areas where there were file uploads and things like that. So we tried attacking content of the files, names of the files, things like that. And we were able to actually influence a file creation and inject content into that file being created. And with that scenario we actually got remote code execution on this conferencing solution. And this was on a fully patched server. So this was a nice zero day that we had just come up with to allow code execution to get further into the client's network. To be able to see what a motivated attacker could really do. And that's that great combination of network and application that we provide here.
The old approaches to cybersecurity are no longer adequate. It’s time for something new. Layered defenses can create almost as many problems as they solve, and security teams struggle to keep up with the threat. What you need is context across all your layers of defense with the right people, processes, and technology working together in concert. That’s how Secureworks can help. Using 20+ years of industry knowledge, advanced analytics, industry-leading threat intelligence, and the network effect of more than 4,000 customer environments, we provide world-class cybersecurity solutions to customers around the globe. This unmatched experience empowers our customers to be Collectively Smarter. Exponentially Safer.™
Our Managed Detection and Response (MDR) solution is comprehensive, powered by our cloud-native software Red Cloak™ Threat Detection and Response that uses AI and machine learning to deliver better outcomes for your security operations. MDR unifies telemetry from your existing security technology to maximize visibility, reduce complexity, and enable you to move at the speed of the threat. Learn more about how Managed Detection and Response uses contextualized visibility to improve your organization’s security posture.