Our team has collected two years worth of internal penetration testing data to put together a white paper covering our most frequent footholds that lead to full network compromises.
The data clearly shows that passwords and patching continue to be a significant problem. Nearly half of all compromises achieved by RSM’s testing team between 2018 and 2020 were a direct result of poor password policies and weak password selection. MS17-010 and the BlueKeep vulnerability also led to a notable number of successful attack scenarios.
Additional details and analysis are available within the white paper which can be found here.