Thursday, July 26, 2018

Report shows that most Pentesters are successful

Companies of all sizes hire pentesters to test the security of their networks, apps, websites, Wi-Fi and so on.
Generally they give you parameters and say "See if you can get in". Often the scope is very narrow, either because they're only testing a specific access point or because they're only interested in protecting one thing, one way.

Usually the goal is to exploit weaknesses and then tell them how you did it, so that they can fix those holes.

You might think that ethical hackers and pentesters use sophisticated methods, zero-day exploits (not known in any database) and expensive tools to breach a network. That's not true. Most of the time the easiest ways still work:

Software not updated
Guessing easy passwords
Email phishing
Lax on-site security


Quote:

The pen testers weren't relying on finding novel software exploits; in only one encounter was a "zero day" exploit used, and that was in conjunction with other, previously known vulnerabilities.

Virtually every vulnerability exploited was a well-documented exploit, including SMB Relay, broadcast name resolution, cross-site scripting, or SQL injection. User credentials are the next most exploitable point of entry, with at least one credential captured in more than half (53%) of all the tests, and testers reported that simple password-guessing was the most effective method of gaining those credentials. The guessing game is assisted by users who include the company name (5%), "Password" (3%), or the season (1.4%), in their password — a password that will be 10 characters or shorter 84% of the time.
https://www.darkreading.com/threat-i...d/d-id/1332368
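As an added illustration of the password patterns the quoted report calls out (this is example code, not from the original post or the report), here is a small policy check that flags a candidate password for containing the company name, the word "Password" or a season name, or for being 10 characters or shorter. The company name "Acme" and the sample passwords are constructed placeholders.

```python
# Added example: flags the weak-password patterns named in the quoted report.
# The company name and sample passwords below are constructed placeholders.
SEASONS = ("spring", "summer", "autumn", "fall", "winter")

# Common substitutions that do not make a word materially harder to guess
# (P@ssw0rd, Summ3r). Undone before substring matching.
_LEET = str.maketrans("@01345$", "aoieass")


def _normalize(text: str) -> str:
    """Lower-case and undo simple leetspeak so dictionary words are visible."""
    return text.lower().translate(_LEET)


def weak_password_reasons(password: str, company_name: str) -> list[str]:
    """Return the report's weak-pattern findings for one candidate password:
    company name, the word "Password", a season, or length of 10 or less."""
    norm = _normalize(password)
    reasons = []
    if company_name and _normalize(company_name) in norm:
        reasons.append("contains company name")
    if "password" in norm:
        reasons.append('contains "password"')
    if any(season in norm for season in SEASONS):
        reasons.append("contains a season")
    if len(password) <= 10:
        reasons.append("10 characters or shorter")
    return reasons


def audit(passwords: list[str], company_name: str) -> dict[str, int]:
    """Count how many passwords in a set trip each pattern, the same shape of
    statistic the report gives as percentages of captured credentials."""
    counts: dict[str, int] = {}
    for password in passwords:
        for reason in weak_password_reasons(password, company_name):
            counts[reason] = counts.get(reason, 0) + 1
    return counts


# Constructed sample set; "Acme" stands in for the company name.
SAMPLE_PASSWORDS = ["Acme2018!", "P@ssw0rd", "Summer18", "Winter2018",
                    "correct-horse-battery", "Tr0ub4dor&3"]

if __name__ == "__main__":
    for pw in SAMPLE_PASSWORDS:
        print(f"{pw:24s} {weak_password_reasons(pw, 'Acme') or 'ok'}")
    print(audit(SAMPLE_PASSWORDS, "Acme"))
```

Run against a set of proposed passwords at change time, this rejects exactly the patterns the report found most often, before a tester or an attacker gets to guess them.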

When I'm out and about I will scan around for available networks just to see what people have. Homes, stores and other small businesses. 90% of the time I see multiple networks that I can probably get into. Open Wi-Fi, old routers, old security standards and so on. Almost NO ONE out there seems to be very well protected.

Whenever I'm in a business, at a desk or at a register, I'm frequently face to face with the back of a computer with open USB ports staring right at me. Even in the big box stores.

Whether you have an office or another location, or work from home, how secure do you think you are against the most basic hacks?
If you know this is something you need to get on, what holds you back from getting started?

Just curious where everyone is.

