Redbot Security – How to prevent a network cyber attack

Keys to Kingdom

You’re handing over the keys to the kingdom – How hackers gain complete control of your network, and it has nothing to do with ransomware. Prevent the next cyber attack

When Redbot Security performs manual controlled penetration testing (MCPT) for network security, we begin with a discovery phase. Part of this discovery phase is to perform full port scans on external IP addresses to ensure that addresses have limited ports/services exposed to the Internet. During exploitation, we utilize custom proprietary scripts on vulnerabilities that might be more complex (contact us to discuss our methodology). Pivoting to internal network security testing, we typically test from an assumed-breach position, sitting on the internal network via VPN access and simulating a workstation compromise.

Did you know that the average time to identify a cyber breach in 2020 was 207 days? (Source: IBM)

Let’s explore some of the more common exploitable vulnerabilities that Redbot Security often finds during our network testing phase. The good news: These common issues are easy to remediate to prevent cyber attacks.

Weak Passwords

During testing, it’s not uncommon for us to find critical-rated vulnerabilities due to weak passwords. Even though a company can have a strong domain password policy in place (requiring a minimum length of 14 characters), many times a handful of accounts on the network still have older passwords in use. Many of these passwords do not fit the current domain password policy: they are easily ‘crack-able’ 8-character passwords and, in addition, are set to never expire. Not surprisingly, many times we find that these non-updated accounts are domain administrator accounts with easily guessable passwords, which Redbot Security is able to crack within a few days of testing.

Even though your password policy might have an excellent minimum length requirement, the password policy’s “minimum password age” is also very important. When the minimum password age is set to none, a domain user can cycle through 5 passwords to get back to their original password, all in the same day. Make sure you set this value to “1” or greater, so that a domain user has to wait at least 1 day before changing their password again, which ultimately deters them from cycling passwords.
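One way to audit for both issues described above: accounts whose passwords predate the current policy or never expire, and a policy whose minimum password age allows same-day cycling. This is an added example, not Redbot Security's tooling; the function names, the policy-effective date and the sample accounts are assumptions made for illustration.

```powershell
# Added example, not Redbot Security's tooling. Sample accounts are constructed.
function Find-StalePasswordAccount {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        # Assumption: the date the current 14-character policy took effect.
        [Parameter(Mandatory)] [datetime] $PolicyEffective,
        [string] $PrivilegedGroup = 'Domain Admins'
    )
    process {
        $reasons = @()
        if ($null -ne $Account.PasswordLastSet -and
            $Account.PasswordLastSet -lt $PolicyEffective) {
            $reasons += 'password predates current policy'
        }
        if ($Account.PasswordNeverExpires) { $reasons += 'password never expires' }
        if ($reasons.Count -eq 0) { return }
        # Direct membership only; nested groups need a recursive lookup.
        $dnPrefix = [regex]::Escape("CN=$PrivilegedGroup,")
        [pscustomobject]@{
            Account    = $Account.SamAccountName
            Privileged = [bool]($Account.MemberOf -match "^$dnPrefix")
            Reasons    = $reasons -join '; '
        }
    }
}

function Test-PasswordPolicy {
    param([Parameter(Mandatory)] $Policy)
    # Thresholds from the article: 14-character minimum, minimum age of 1 day.
    if ($Policy.MinPasswordLength -lt 14) { 'minimum length below 14' }
    if ($Policy.MinPasswordAge.TotalDays -lt 1) {
        "minimum age under 1 day: $($Policy.PasswordHistoryCount) remembered passwords can be cycled in one day"
    }
}

# Constructed sample shaped like Get-ADUser / Get-ADDefaultDomainPasswordPolicy output.
$da = 'CN=Domain Admins,CN=Users,DC=example,DC=test'
$accounts = @(
    [pscustomobject]@{ SamAccountName = 'svc-backup'; PasswordLastSet = [datetime]'2014-03-02'; PasswordNeverExpires = $true;  MemberOf = @($da) }
    [pscustomobject]@{ SamAccountName = 'jdoe';       PasswordLastSet = [datetime]'2021-06-10'; PasswordNeverExpires = $false; MemberOf = @() }
)
$policy = [pscustomobject]@{ MinPasswordLength = 14; MinPasswordAge = [timespan]::Zero; PasswordHistoryCount = 5 }

$accounts | Find-StalePasswordAccount -PolicyEffective '2020-01-01'
Test-PasswordPolicy $policy
# Against a live domain (ActiveDirectory module):
#   Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordLastSet,PasswordNeverExpires,MemberOf |
#       Find-StalePasswordAccount -PolicyEffective '2020-01-01'
#   Test-PasswordPolicy (Get-ADDefaultDomainPasswordPolicy)
```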

Outdated systems

Most companies know that critical vulnerabilities can be resolved simply by applying critical security patches. However, more often than not, many systems across multiple client sectors are found to be using obsolete operating systems and missing patches such as the MS17-010 critical security update. This will inevitably allow Redbot Security to exploit these vulnerabilities, gaining local administrator access and obtaining cleartext passwords for domain administrator accounts that are stored in the system’s memory.

Operating systems such as Windows XP, Windows 7, and Windows Server 2008 no longer receive critical security updates/patches from Microsoft. Because these systems are no longer patched, malware using current exploits can run against them with no security update to stop it.

SMB signing

Another common exploitable vulnerability that Redbot Security finds is systems with SMB signing set to “disabled”. SMB signing is a security feature in Windows that helps prevent Man-in-the-Middle (MitM) attacks using the SMB protocol. When this is set to “disabled” instead of “required”, malicious actors can easily perform SMB-relay attacks to gain local administrator access to the affected systems.
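A check for the setting described above, reporting whether SMB signing is required on the server and client side of each host. This is an added example, not Redbot Security's tooling; the function name and the host list file in the comments are hypothetical.

```powershell
# Added example. Run from an elevated session; remote hosts need CIM/WinRM access.
function Get-SmbSigningState {
    param([string[]] $ComputerName = @('localhost'))
    foreach ($name in $ComputerName) {
        # Query the local machine directly; use a CIM session for remote hosts.
        $target = @{}
        if ($name -ne 'localhost') { $target.CimSession = $name }
        try {
            $server = Get-SmbServerConfiguration @target -ErrorAction Stop
            $client = Get-SmbClientConfiguration @target -ErrorAction Stop
            [pscustomobject]@{
                Computer              = $name
                ServerSigningRequired = [bool]$server.RequireSecuritySignature
                ClientSigningRequired = [bool]$client.RequireSecuritySignature
                # A server that does not require signing is the finding the article describes.
                Finding               = if ($server.RequireSecuritySignature) { 'OK' } else { 'SMB signing not required' }
                Error                 = $null
            }
        } catch {
            # Report unreachable hosts instead of silently skipping them.
            [pscustomobject]@{
                Computer              = $name
                ServerSigningRequired = $null
                ClientSigningRequired = $null
                Finding               = 'not assessed'
                Error                 = $_.Exception.Message
            }
        }
    }
}

Get-SmbSigningState    # local machine
# Get-SmbSigningState -ComputerName (Get-Content .\hosts.txt)   # hypothetical host list
# Remediation on a flagged host:
#   Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
#   Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
```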

Printers

Yes, believe it or not, printers can be the starting point for a complete network take-over. Due to a basic oversight, many companies keep default passwords in use on office printers. Hackers can obtain the basic domain credentials in use by the printer by scanning for a domain user account. With this basic domain account, it’s fairly easy for hackers to enumerate Active Directory usernames, groups, group memberships, and the password policies.

FTP and telnet services

These services transmit data, including credentials, in cleartext and should not be used on the network, as a malicious insider could sniff the traffic to obtain the data. Furthermore, when anonymous FTP is enabled, anyone can log in to the FTP instances using the “anonymous” account with any password provided.

And the last tip of the day: don’t use default community names for SNMP services. When default community names are in use, any user on the network can download information about the system(s), including user lists, network information on the system, and software installed on the system, leaving you exposed to potential vulnerabilities that can be chained together for an effective attack.

Maintaining Positive Controls to prevent a cyber attack

When reviewing your current security, the positive controls you have in place can make it more difficult for a bad actor to get in and gain control. Here are a few controls that should be in place.

  • Create a domain password policy that requires a minimum length of 14 characters.
  • Have threat detection controls in place to view network traffic and to be alerted to specific activities.
  • Make sure domain controllers have a GPO in place to prevent storing of LM hashes.
  • Update routers/switches.
  • Do not use default passwords, even on printers.
  • Do not allow your Internet-facing firewalls to have excessive ports inbound from the Internet or outbound to the Internet.

Did you find this article interesting, useful?  Let us know in the comment section below.

About Redbot Security

Redbot Security is the leading US penetration testing company, providing unparalleled manual controlled testing and enterprise reporting. We work closely with every type of company, from SMB to Fortune 500. Redbot Security’s Manual Controlled Penetration Testing utilizes a comprehensive assessment methodology, providing results with the utmost accuracy and ensuring representational coverage of risks facing an application or information system.

Penetration testing can help your team find exploitable vulnerabilities before bad actors find them.

If you are looking to find exploitable vulnerabilities on your OT/IT networks, Manual Controlled Penetration Testing (MCPT) is an easy-to-execute, cost-effective solution.

With Redbot Security you get reports written by experts that highlight key data and exactly how targets were compromised as well as recommendations on best practices along with complete review of remediation recommendations.

Redbot Security’s MCPT is a complete service provided by our team of IT/OT network/system experts to ensure that vulnerabilities are minimized and that your defenses are running in top shape by offering the following:

  • Penetration Testing (black-box, gray-box, white-box)
  • Real-World Attacker Tactics and Techniques- Controlled Manual Penetration Testing without Interruption
  • Actionable and easy-to-follow results – Risk Rating, Exploit Storyboard and Remediation Recommendations
  • Retesting is included in our service model.

What are the stages in a penetration test?

The Six Stages of Penetration Testing

  • Discovery. The first phase of penetration testing is OSINT and discovery.
  • Testing. The testing phase is performed by qualified engineers that utilize both automated and manual exploitation testing techniques and tools.
  • Assessment. Determine risk to the organization.
  • Knowledge Sharing. Provide clear results with remediation planning.
  • Remediation. The organization remediates findings that pose a risk.
  • Retesting. Retesting of remediated vulnerabilities and final report delivery.

Learn more about penetration testing services

Redbot Security is a boutique penetration testing house with a team of highly skilled U.S. Based Senior Level Engineers that specialize in providing ‘Penetration Testing Services’ for a wide range of industries.  The Company delivers True Manual Penetration Testing.

To learn more about Penetration Testing Services you can visit our in-depth articles that discuss a wide range of penetration testing services, or visit our Frequently Asked Questions page to quickly find the penetration testing information you are seeking.

If you have specific questions related to a penetration testing project, please reach out to us!

What are Penetration Testing Services?

Definition: Penetration Testing Services simulate a hacking attack and are usually performed by qualified penetration testing companies. The simulated attack will test the security of networks, applications and devices. Many qualified penetration testing engineers utilize the same tools and techniques that a malicious actor will use in the real world. Once the penetration test is complete, the business is able to access and remediate vulnerabilities that were found within their systems.

Does Redbot Security Provide Social Engineering?

Yes, Redbot Security provides both physical and electronic social engineering and will utilize real-world tactics to simulate an attack on a company. Want to know more about social engineering? View Social Hacking article here.


What is Redbot Security’s Manual Controlled Penetration Testing?

MCPT® or Manual Controlled Penetration Testing [manual penetration testing] is a controlled assessment of networks and applications that is able to safely identify and validate real-world vulnerabilities that are potentially exploitable. Manual Penetration Testing removes false positives and provides proof-of-concept reporting along with an exploit storyboard for easier remediation.

What Framework does Redbot Security follow?

Redbot Security’s hybrid approach to penetration testing sources industry-leading frameworks and combines senior-level talent with over 20 years of experience to tailor all client engagements. Some frameworks and testing guides leveraged by Redbot Security include:

  • NIST Special Publication 800-115
  • PCI Penetration Testing Guide
  • Open Web Application Security Project
  • OWASP WSTG v4
  • OWASP Top 10 Lists
  • OWASP Security Projects
  • Penetration Testing Execution Standard (PTES)
  • Open-Source Security Testing Methodology Manual (OSSTMM)
  • Information Systems Security Assessment Framework (ISSAF)
  • MITRE ATT&CK Framework

Does Redbot Security have verifiable certifications?

Yes, the combined team lists only certifications that are verifiable. The current team certifications are as follows:

Amazon Web Services Cloud Practitioner, CompTIA A+ CISSP, Certified Cloudera Administrator for Hadoop (CCAH), Certified Ethical Hacker (CEH), Cisco Certified Network Associate (CCNA), GIAC, CompTIA Linux+, Marine Corp Red Team Operator, Metasploit Professional, Certified Specialist, Nexpose, Certified Administrator (NCA,) Microsoft Certified Professional (MCP), CompTIA Network+, CompTIA IT, Operations Specialist (CIOS), CompTIA Secure Infrastructure Specialist (CSIS), Offensive Security Certified Professional (OSCP), GIAC Certified Penetration Tester (GPEN), Metasploit Professional, Certified Specialist Rapid7, Advanced Vulnerability Manager Rapid7, Network Assault Certified Rapid7, Application Assault Certified, GIAC Exploit Researcher, Advanced Penetration Tester (GXPN), GIAC Mobile Device Security Analyst (GMOB), GIAC Advanced Smartphone Forensics (GASF), GIAC Reverse Engineering Malware (GREM), GIAC Network Forensics Analyst (GNFA), GIAC Certified Intrusion Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE), GIAC Security Essentials (GSEC), Portswigger Burpsuite Certified Practitioner, Cisco Certified Network Associate (CCNA), Cisco Certified Network Associate-wireless, Certified Ethical Hacker (CEH), CompTIA Network+US Navy, Joint Cyber Analyst Course (JCAC)

Does Redbot Security employ U.S. Based Engineers?

Yes, due to security concerns, Redbot Security’s Engineering Team is 100% U.S. based, background checked and certified Full-time Sr. Level employees. Redbot Security does not use independent contractors, freelancers or sub contractors.

How long has Redbot Security been in business?

The company started as a VAR, partnering with Palo Alto, Fortinet and HPE in 2016, and transitioned to a pen-testing company in early 2019.

Does Redbot Security provide MDR?

No, Redbot Security does not provide Managed Threat Detection and Response; however, the company provides Dark Web Monitoring and focuses on Penetration Testing only.

Does Redbot Security share a sample report?

Yes, Redbot Security will share a sample report with potential clients that sign a Mutual NDA and have a valid project.

Is Redbot Security hiring?

Yes, Redbot Security is always on the lookout for top talent and pays the industry’s top pay.  You can learn more about opportunities on Redbot Security’s career page.

Does Redbot Security have a corporate office?

Yes. Redbot Security is located in the heart of Downtown Denver at the Dominion Towers.  Redbot Security’s Corporate office address is 600 17th Street, Denver, Colorado, USA.

Who is Redbot Security’s lead engineer?

Redbot Security’s principal security engineer is Andrew Bindner, who is also Redbot Security’s CSO. Andrew was formerly a manager at Rapid7 and a Coalfire Sr. Penetration Tester, with 20+ years of hands-on security experience leading teams or working individually on highly technical engagements for a wide variety of commercial and government industries in IT and security.

Does Redbot Security have to be onsite to test?

No. Redbot Security can test from a remote perspective; however, many times with critical system testing Redbot Security will recommend onsite testing.

Does Redbot Security Test Critical Infrastructure?

Yes.  Redbot Security provides Industrial testing of ICS/SCADA networks that operate water, electric, manufacturing, transportation and more.

Who is Redbot Security?

Redbot Security is a U.S. based Boutique Penetration Testing company that specializes in Network and Application Testing.  The company employs a small group of highly talented and experienced Sr. Level Engineers.

How do we schedule our service with Redbot Security?

Service scheduling is easy. The first step is to contact us via our contact form and let us know what type of project you have. Once we determine scope, we provide a quick cost estimate. When the estimate is approved, we issue a contract and begin scheduling your project. We are rapid in our response, delivery of estimate and scheduling.

Does Redbot Security Provide Retesting?

Yes. After your initial penetration test is performed, we deliver your 1st report, which has proof of exploits and remediation steps to take to fix issues. Once your company remediates findings, Redbot Security will perform a retest to validate that your issues have been resolved. We then deliver a final report and client letter of attestation (if needed). All of our retesting is built into our pricing model.

Redbot Security

Redbot Security provides Network, Application, Mobile,  and critical infrastructure security testing without disruption. Our team is led by the Nation’s top ICS/SCADA and Senior Level Fully Certified Penetration Testing Experts. We have a proven track record and can help to secure your networks during these times of increased threats.


3 Comments

  1. […] Tips on how to secure your network (vulnerabilities that Penetration Testing Companies find) […]

  2. zortilonrel November 6, 2021 at 3:22 am

    Really enjoyed this blog post, can I set it up so I get an email when there is a fresh article?

  3. […] on new methods and exploits in order to out pace the current threat environment. Check out some useful fixes (easy)  that will immediately help to secure your network […]
