Think your Defences are Hard to Breach? Think Again
Greetings to the last in our Breakfast series by Perspective Risk’s (PR’s) cyber-security expert Abdul Ikbal. In this post, Abdul tells how seemingly small chinks in an organisation’s armour can enable attackers to make huge gains.
Red Teaming – what we’ve learned so far
During this series I’ve shown how I can compromise your security by:
- Breaking into your building
- Convincing you to handover your password
- Seeing everything you publish about yourself and your organisation
- Tricking your staff into giving me access to your network
So what’s left? As we often say at PR, everything is an opportunity. This is never more so than in the world of IT security, and it’s a mantra my Red Team live by.
Red Team Tales of Breached Defences
So how does this work in practice? A Red Team’s remit (unless the scoping documentation states otherwise) is to gain access to the client’s network and sensitive information by whatever methods necessary, no holds barred. It’s one of the surest ways of testing an organisation’s security.
During a red team engagement a couple of years back, my colleague X identified a login page. You may be thinking, nothing to see there, it’s protected by authentication. Nope. X did what’s been instilled in him since his first black box pentest engagement: with proper investigation, everything is potentially a way in.
Our man rapidly identified default credentials on the management login page and made an interesting find; access to the client’s CCTV kingdom no less. He passed the newly acquired information to PR’s physical social engineer who proceeded to compromise the company’s perimeter security controls in short order.
Compromised Door Controls
Another opportunity that ‘presented itself’ was when colleague Y located an unauthenticated web service. Again, at first not much to see there, with few responses shown for fuzzed requests. Persistence is key however. Our consultant found that altering the parameter input changed the way the door access control operated. In simple terms, a positive value opened the building’s main entrance door and a negative value closed the doors.
Let’s pause for a moment and imagine the havoc that could have ensued had this been in the wrong hands. The intelligence was relayed to another of our ‘stealth agents’ who proceeded to stroll through the doors into a highly sensitive environment. Naturally he swiped his debit card against the RFID reader so not to arouse any suspicions as he did so.
Remember, nothing is as it seems and no organisation is 100% secure. When thinking about your company’s security, adopt an ‘everything is an opportunity’ mindset.
If you would like PR to act as an extension of your security team, or be your team, we’d be glad to hear from you. Just click here to contact us.