Jack Recider
Podcast Appearances
So in the meantime, he's looking around the network to see what else is there. A good place to start is Nmap. Nmap is a basic tool that you can use to quickly scan the network to see what's there. It'll basically ping every IP address in the network to see what responds. And if any do, then it'll try to see if that host has any open ports.
Then Nmap will spit out a report saying, here are all the computers on the network that I found to be alive, and these are their open ports. Exactly, yeah.
So there's a lot of stuff going on at once. He's got these background tasks running to try to get more usernames and hashes, and he's also trying to crack the hash he's got.
Boom. He cracked the password. Yes. But who is this user? Are they just like a low-level user? Or are they a system admin? He has to find out. And to do that, he logs into a computer on the network to see what his access is. And it's a normal user with no special privileges.
Let's just say it was an inappropriate place to put a camera in an office if that lady wasn't aware of it. Joe knew that what he was looking at was potentially going to get someone fired. So he had to proceed with caution here.
It's interesting to stumble upon this as a security consultant, since it's not really a network security issue. It's more of a see something, say something issue. Like, do you even put this in the final security report? Joe went on to complete the pen test, and he found some misconfigurations in Active Directory, which gave him administrator access, which pretty much gives him keys to the kingdom.
The network admin can reset anyone's password, see all shared drives, probably even read everyone's email. So he put all this into a report and delivered his findings on the final call.
Yeah, as far as like your success rate, I mean, you're always going to find something, even if it's like a CVV level three. But I mean, as far as just success rate of just like owning the whole network and gaining access to sensitive systems, getting half the users' passwords in the whole organization, that kind of thing, is that fairly high?
Do you feel pretty confident like, yeah, I'll probably be able to own this network?
And I think he can get to that point because of how many penetration tests he's done. He's gone into dozens of networks and exploited hundreds of devices. And after doing it over and over and over, you start to develop a pattern and know exactly where to look for weaknesses. And once you do develop a pattern, pen tests start to become automatic since they repeat the same steps almost every time.