Default title

PENETRATION TESTING

LEVEL III - PENETRATION TEST

A penetration test is a coordinated and scaled set of intrusion activities attempted from the adversarial view of a hacker. The goal of a penetration test is to determine what can be accomplished and with what level of difficulty within estimated time frames. A penetration test would produce a report that defines the results of the risk exposure items postulated in the Level II Assessment.

The following items are explored:

  • Brute Force Password Attempts
  • Wireless Redirection and Data Interception Attempts
  • Physical Intrusion Attempts
  • Known Exploit Attempts
  • DNS Redirection Attempts
  • Other Aggressive Testing Methods

RECENT THREAT POSTS

- Becky Bracken
Moobot Botnet Chews Up Hikvision Surveillance Systems
Attackers are milking unpatched Hikvision video systems to drop a DDoS botnet, researchers warned.
- Nate Warfield
Not with a Bang but a Whisper: The Shift to Stealthy C2
DoH! Nate Warfield, CTO of Prevailion, discusses new stealth tactics threat actors are using for C2, including Malleable C2 from Cobalt Strike's arsenal.
- Tara Seals
Critical SonicWall VPN Bugs Allow Complete Appliance Takeover
Unauthenticated, remote attackers can achieve root-level RCE on SMA 100-series appliances.
- Lisa Vaas
AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK
The flaws, which could enable attackers to disable security and gain kernel-level privileges, affect Amazon WorkSpaces and other cloud services that use USB over Ethernet.
- Elizabeth Montalbano
Emotet’s Behavior & Spread Are Omens of Ransomware Attacks
The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.
- Lisa Vaas
Windows 10 Drive-By RCE Triggered by Default URI Handler
There's an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.
- Becky Bracken
When Scammers Get Scammed, They Take It to Cybercrime Court
Underground arbitration system settles disputes between cybercriminals.
- Tara Seals
Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators
The malware's unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely.
- Elizabeth Montalbano
SolarWinds Attackers Spotted Using New Tactics, Malware
One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.
- Lisa Vaas
Crypto-Exchange BitMart to Pay Users for $200M Theft
BitMart confirmed it had been drained of ~$150 million in cryptocurrency assets, but a blockchain security firm said it's closer to $200 million.

Archives

Leave a Reply

Your email address will not be published. Required fields are marked *

15 + four =