IT infrastructure as a concept has been rapidly evolving and expanding. We have been involved in pushing the development of security within modern infrastructures for several years.
We see an increased ambition for penetration testing of networks and infrastructure and want to share the five most common security issues that we've seen during 2022.
Domains, networks, appliances, servers, client devices, etc. constitute a major part of an organization's attack surface. If given an initial foothold on a system within the bounds of a domain, an attacker can often elevate privileges and traverse the network. This is usually due to: a lack of proper network access control; users with weak passwords and/or excessive privileges; services running with old and vulnerable software; and very often a lack of detection and response when something unexpected happens.
If you have a Security Operations Center (SOC), a Security Information and Event Management (SIEM) system or similar, you would want to assess and evaluate your processes. You would also want to know your gaps in detection capabilities and get qualified recommendations on how to improve them. Adversary simulation can be executed either in cooperation with your security operations to identify weaknesses and help mitigate them, or acting as a real attacker to additionally test your organization's (Blue team) response capabilities. These approaches are commonly known as Purple team and Red team penetration tests, respectively.
If you're not ready for an assessment of detection and response, and just want to know your infrastructure's weaknesses and how to mitigate them, we recommend a penetration test.
In both cases, we assume the role of an attacker - often equipped with a low-privileged user in the domain/network - to, for example:
The process and identified weaknesses will be documented and delivered in a report and a presentation. When the issues have been resolved or mitigated, we usually conduct a verification test and review the report accordingly.
To better protect your assets you need to make sure your users are aware of security risks and how to avoid common pitfalls. We therefore offer a range of trainings, presentations and workshops, often in conjunction with practical exercises such as phishing campaigns, technical labs and threat modeling sessions. We teach best practices for securing networks and applications as well as security testing methodology.
Knowing your internal IT infrastructure is one thing, but also knowing your online footprint and what you as an organization expose to the world, within reach of any cunning Open Source Intelligence (OSINT) analyst, is crucial to keeping your assets secure. We regularly perform Threat Landscape Assessments (TLA), which give a good measure of an organization's exposure and online security posture and are quick and efficient, especially when performed on a regular basis.
We are often tasked with giving our opinions on best practices and how to address discovered security issues in an advisory role. Our expertise in network security, Windows/Azure domains, server hardening and more can be utilized on a wide range of questions.