During an attack, a threat actor can often enumerate leverageable information through open-source intelligence (OSINT) gathering techniques. This can include information on users that are present on the target environment, such as usernames and email addresses. Often, a threat actor can use this information to craft a targeted list of users to facilitate a variety of attack ... READ MORE
Blog
2022 Attack Vectors Report
For many years, RSM has made a continuous effort to assist organizations in addressing cybersecurity challenges, provide tools to achieve a desired state of security, and deliver guidance for attack prevention. We perform security penetration testing to simulate attacks on internal networks and closely mimic security breaches within controlled environments. By conducting these ... READ MORE
Back to Basics: Kerberoasting
Welcome back to our "Back to Basics" series, where we provide you with an overview of the bread and butter pentesting techniques that we regularly see compromise networks. In this week's installment, we're looking at Kerberoasting. Kerberoasting is a method to capture hashed passwords using the Kerberos network authentication protocol. This protocol protects network services ... READ MORE
Back to Basics: Microsoft Exploits
Often, software vendors such as Microsoft release security patches for their products. Instead of a full-scale upgrade, patches are smaller, targeted updates that address vulnerabilities discovered in the current version of the product. The vulnerabilities fixed by these patches are often critical issues that can be exploited by attackers to gain access to sensitive information ... READ MORE
What Recent Cyberattacks Teach Us
Cyberattacks have been in mainstream news again in recent weeks, as the hacker group Lapsus$ has launched several successful attacks against major companies. Recently, police in Oxfordshire arrested an unnamed seventeen-year-old known by the alias Tea Pot who has been credited as the one responsible for these notable attacks. For those familiar with common penetration testing ... READ MORE
Back to Basics: LLMNR and NBT-NS Spoofing
After performing initial network reconnaissance and enumeration in a penetration test, there are a vast number of potential pathways into obtaining an initial foothold in a targeted network that can be overwhelming to a pen tester. One of the most basic, but tried and true initial attack vectors that I’ve seen utilized in penetration tests is performing Link-Local Multicast ... READ MORE
The easiest way to not get eaten is to at least try to not look like food: Critical asset considerations – Part 2
We are back! We didn’t go anywhere we have just been busy like everyone else. Today, we carry on my favorite miniseries of the best way to not get eaten is to not look like food; proverbially of course. Part 2 of this is regarding critical asset protections. This includes, but again not limited to, domain controllers and critical asset backups, business continuity planning, ... READ MORE
All quiet on the western front (for now)
Over 100 years ago, the Great War was being waged in what is now central and eastern Europe, along with Russia. During the “war to end all wars,” the world saw significant technology changes that brought new, and often terrifying, ways to inflict damage on people and countries. Fast forward to early 2022 and the Russia-Ukraine war, where we are seeing another wave of ... READ MORE
CVE 2022 30190 “Follina”
Have you ever had to download a Microsoft Word document from a co-worker, friend, family member? I know I have. Now imagine you think you receive a Word document from your boss titled “New Promotions/Raises”. Without thinking, you go to download and access the file, and then a weird window pops up about Microsoft Windows Diagnostic Tool. The document is blank, which is weird, ... READ MORE
CISA Issues Rare Directive Regarding VMware Exploits
In a directive posted on May 18, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) declared that all Federal Civilian Executive Branch agencies were required to perform actions on several VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation vRealize Suite ... READ MORE