Ep 36: Jeremy from Marketing

Podcast Summary

• The Importance of Penetration Testing for Network Security: Penetration testing, also known as red teaming, is a crucial practice for identifying vulnerabilities in a company's network and improving its security posture, ultimately mitigating risks of data breaches.

  Penetration testing or red teaming is a common practice in the online world where ethical hackers try to break into a company's network to test its security. The goal is to identify vulnerabilities that bad actors could use to breach the system and steal sensitive information. While penetration testers are often successful in their mission, their work helps improve the security posture of organizations. Jack, the host of the Darknet Diaries podcast, shares his experience of watching over the shoulder of a professional penetration tester, Tinker, who has a deep understanding of computers and networks. Through Tinker's story, Jack highlights the importance of network security and the value of penetration testing for identifying gaps and mitigating risks.

• Penetration Testing - Assessing Your Security from Within: It is crucial for companies to thoroughly vet employees, especially those with access to sensitive information, and have a defense in depth plan to ensure their security is effective. Penetration testing can help identify vulnerabilities.

  Penetration testers are hired by companies to test their defense in depth security plans. In this scenario, Tinker posed as a new employee in the Marketing department and was tasked with infiltrating the network without being caught. This is a real-world possibility as temporary hires, interns and new recruits can be a security risk. Tinker had a methodical approach to his plan of attack, from initial password reconnaissance to exfiltration and persistence. The CISO and his assistant were the only ones who knew who Tinker really was. It's important for companies to thoroughly vet employees, especially those with access to sensitive information, to ensure that their defense in depth plans actually work.

• Importance of Vigilant Security Measures and Best Practices for Securing Sensitive Data: Companies must regularly test and prepare employees for potential phishing attacks while ensuring strong security measures are in place. Follow best practices for securing sensitive data and be aware of low-hanging fruit vulnerabilities.

  Companies need to be vigilant about their security measures, especially when it comes to phishing attacks. It's important to test and prepare employees for potential attacks, and to be aware of potential vulnerabilities in the network, such as default settings and password policies. Hackers can easily use common IT tools and commands to gain access to sensitive data, so it's crucial to have strong security measures in place, such as proper access controls and regular vulnerability scans. It's also important to be aware of low-hanging fruit vulnerabilities and to follow best practices for securing sensitive data, such as using strong passwords and avoiding common password policies.

• The Art of Observing and Blending In as a Penetration Tester.: A successful penetration tester needs to be observant, patient, and analytical. By carefully monitoring and listening to the environment, they can identify vulnerabilities and plan exploits more efficiently without arousing suspicion.

  A good penetration tester should be quiet and observe the surroundings to understand the environment before taking any action. By listening and monitoring, they can identify vulnerabilities in the system like lack of robust endpoint protection and poor NAC solutions. Using tools like Wireshark, a tester can capture packets and broadcast traffic to identify hardware and manufacturer information, which helps in blending in better. It's important to avoid suspicious activities like pulling data from Active Directory. By understanding normal office behavior and network patterns, a tester can plan and execute exploits more efficiently.

• Network Access Control and Prevention of Responder Tool Exploits: Implement Network Access Control and train employees to avoid plugging in random devices. Prevention of Responder tool exploits is necessary to avoid giving hashed passwords to hackers.

  Implement network access control and only allow devices that are known to the network. Hackers can use tools like Responder to lie and trick computers on local subnets into giving hashed passwords. Responder is hard to detect and can be run intermittently twice a day to pull down ten to twenty hashes, making it almost like cheating for hackers. It is difficult to implement NAC solution, but it is necessary to prevent hackers from accessing your network. It is also essential to train employees to avoid plugging in random devices to keep the network secure.

• The power of passphrases and password policies in enhancing internet security: Passphrases are more secure than simple passwords and can be generated from cultural information. A strong password policy limits brute force cracking, and employee awareness is crucial in securing networks.

  Passwords can be easily cracked with advanced computing systems that test billions of passwords a second, but using passphrases consisting of random words are much more secure. Additionally, longer and more unique passphrases can be achieved by scraping cultural information from websites and internal internet data. A security policy outlining password requirements can also limit the effectiveness of brute force password cracking. Running basic tools like Responder and building custom cracking rigs with off-the-shelf parts can easily exploit network vulnerabilities, highlighting the importance of strong password policies and employee awareness.

• A Step-by-Step Account of a Successful Hack: Implementing multi-factor authentication and having separate passwords for third-party tools can help prevent hackers from gaining access to sensitive information during a cyber attack.

  Using stolen credentials, the hacker was able to log into SYSVOL on the main controller and pull out all the information of all the users including the groups, usernames and host names. This allowed the hacker to make a successful reconnaissance of the system. The hacker then tried to log in to the email using OWA or Office 365 and found out that multi-factor authentication was not set up on e-mail. He started looking through the emails to find anything important and maybe some IT passwords but found just one password for a third-party tool. The hacker then tried to get into their single sign-on internet portal, as many companies create a single portal for employees, which then provides access to all the tools.

• The Risks and Benefits of Single Sign-On and Citrix Security: Single sign-on can be dangerous for an organization if not securely set up with multi-factor authentication for each app. Citrix security presents challenges but requires ethical hacking to ensure safety within legal boundaries.

  Single sign-on can be a hacker's dream if not set up properly or securely. With access to many things in one place, a hacker can take down entire organizations. However, properly set up single sign-on may require multi-factor authentication and separate logins for each app, which makes it harder to hack. Citrix, which amounts to Remote Desktop through the browser, can be an attractive target as it hosts internal applications. However, bypassing multi-factor authentication is difficult. Tinker was able to bypass it by calling the user and getting the six-digit token code. As a penetration tester, Tinker needs to be within legal boundaries while finding weaknesses to strengthen the company's security.

• The Deceptive Nature of Social Engineering Attacks: Stay vigilant and cautious of any suspicious communication or requests for sensitive information. Attackers may use manipulation tactics to gain access to secure systems, but proper research and patience can help prevent successful attacks.

  Social engineering attacks can use manipulation tactics to gain access to secure systems. It is important to be cautious and not fall prey to scams or give away sensitive information. The attacker's calm and collected demeanor can be deceiving, and the aftermath of the attack can cause them to experience an adrenaline rush and physical symptoms like shaking. In-depth research and patience are important factors in conducting successful social engineering attacks. As seen in the story, waiting for the right moment and taking advantage of vulnerabilities can be critical to gaining access to secure systems.

• Techniques for Enhancing Security Measures: Continual vigilance and updated safeguard protocols are crucial in preventing hacking and intrusion attempts. The expertise of reconnaissance and surveillance tactics can aid security personnel in staying ahead of potential penetrators. Attention to detail, context, and improvisation can also strengthen security measures.

  Even with all the safeguards in place, there are still tricks and techniques that can be used to breach the security. Tinker's experience in reconnaissance, surveillance, and accessing high-security areas can help security personnel stay ahead of the game. It is important to know what other penetrators know and what tricks they use to exploit vulnerabilities. Techniques such as slowing down the breathing, opening the mouth slightly, and tilting the head can amplify hearing. Attention to minute details, context, and the ability to improvise can take a tester a long way. Therefore, security personnel need to be vigilant and ensure that safeguard protocols are always updated to withstand hacking and intrusion attempts.

• The Dangers of Open Doors and Weak Passwords in Data Security: It is essential to operate with strong passwords and secure access control policies to safeguard sensitive data. One must also maintain ethical conduct while handling information, regardless of their position in the organization.

  The story highlights the dangers of leaving doors open and weak passwords. The hacker was able to gain access to the company's laptops by taking advantage of an open door and found a weak password for the admin account. It is important to be vigilant and use strong passwords to secure sensitive information. Additionally, the story emphasizes the significance of maintaining the integrity of the place where one has stolen information. The hacker was careful in leaving the room and the equipment he accessed as he first found it. Ultimately, the story emphasizes the importance of being alert and careful regardless of what role one plays in an organization.

• Importance of Unique Passwords & Protecting Devices from Unauthorized Access: Using the same password on multiple devices leaves them vulnerable to unauthorized access. Safeguards can help prevent breaches, but using unique passwords is a standard security practice for protecting devices.

  Using the same password across multiple devices may give unauthorized access to other devices. In this case, even the local admin couldn't log in to other devices with it. The company with third-party non-Microsoft tools had put safeguards to prevent unauthorized access to their devices. Unquoted service path is a vulnerability that can be capitalized on. However, attempts to use it might fail if the attacker doesn't have writability or permission to write to the remote computer. Having unique passwords is a standard security practice that could prevent these types of breaches.

• Importance of Physical Security in Cybersecurity: Physical security and human vigilance are as important as software and technical controls. Train employees to question and verify IT admin requests, take regular breaks, and ensure antivirus systems are updated to prevent low-level threats.

  Don't rely solely on the output of the tools when trying to hack into a system. Third-party software can supersede native Windows access control. The exploit involved physically taking a USB drive with malware to another computer and dropping the malware. The attack was successful on the finance team's computer because the lady sitting next to the cubicle did not question the impersonation of an IT admin. Companies should encourage employees to take breaks and move away from their computers to avoid such attacks. Additionally, it is crucial to ensure that the antivirus system is capable of detecting even low-level threats to prevent such attacks.

• The Importance of Patience and Vigilance in Penetration Testing: When conducting penetration testing, being patient and vigilant is crucial in finding vulnerabilities and catching unauthorized access. Limit activity and only take necessary actions to ensure a successful test and address security issues.

  Penetration testing involves using tools like Metasploit to find vulnerabilities in computer systems. It is important to be patient and vigilant while waiting for the system to be compromised. Anomaly detection, such as the use of PowerShell in finance, can be used to catch unauthorized access or activity. To avoid being caught and to ensure a successful test, it is important to limit your activity and to only take necessary actions. Overall, penetration testing is a valuable tool for identifying and addressing security vulnerabilities in computer systems.

• Creating Robust Security with Proper Response and Containment: To strengthen cybersecurity, companies need to implement multiple layers of security, risk acceptance, and continual self-improvement culture. Making it hard for hackers to get in helps prevent attacks and improve security.

  To have robust security, it's not enough to detect an attack. Proper response and containment are essential. A company can make it hard for hackers to get in by having multiple layers of security, defense and depth with a strong password policy, two-factor authentication, limited access, and logging. A culture of continual self-introspection and self-awareness with a focus on continual improvement from top-down creates professionalism and improves security. Risk acceptance is also essential for a perfectly secure system may not be usable. If it takes high-end criminal groups like NSA and Mossad to hack into a system, it's acceptable. Making it harder for hackers helps prevent attacks and improve cybersecurity.