Category Archives: General

Notes from the field – Penetration tests

This blog post is by no means a comprehensive guide from an expert in the cyber security area. However, my previous role meant I had the pleasure of reviewing a number of customer penetration tests, and pretty much all of them were exploited in the same way. So I put together some basic information for any of my customers to review and think about before they had a penetration test booked.

After all, might as well make it a challenge for the people you are hiring to hack your network 😉

Methodology

Ok, so I’m only going to cover the basics, as there are far better articles out there on this.

  • Reconnaissance
    • Information gathering before attending the target's site
      • IP addresses of websites and MX record details
      • Details of email addresses (shared mailboxes, employees direct)
      • Social networks (details shared on LinkedIn by employees, the company's Twitter posts etc.)
        • Consider the below Twitter post by a company: what information can you glean from seeing a picture of their racks and other equipment?
        • If we know the company name, we can enumerate the various domain names they own to public IP addresses, and just plug that into a website like http://shodan.io and maybe look for that Sonicwall and find out if it's running the latest firmware.
        • Below when zooming in on the image, we can find details of an ADSL line
      • Job websites; are they hiring, especially in IT, what skills do they want? Looking for an engineer that knows a particular accountancy package?
  • Enumeration/Identification
    • Assessment of devices found and the search for vulnerabilities
      • Tools in use such as, but not limited to: nmap, Nessus, Metasploit, unicornscan, nikto, dotdotpwn, gobuster.
  • Exploitation
    • Create a plan of action/attack based on the information gathered.
    • Perform the attack/exploitation itself to achieve the end goal, usually access to systems from zero, escalation with the end goal being access to private/sensitive/restricted systems and data.
    • Tools in use such as, but not limited to: Kali Linux (OS and contains a lot of tooling), Nmap, Metasploit, BurpSuite, SQLMap, padbuster, custom exploit scripts

Common exploits to gain access

Ok so first, let's review how multiple networks were exploited or hacked.

Below is the common summary of issues found at many sites I reviewed, and this is what I will cover in this blog post:

  • Null session authentication on Domain Controllers
  • Devices configured to use NBT-NS / LLMNR
  • SMB Signing
  • NTLMv1 in use for network authentication
  • Domain Users have Local Admin permissions to their machines
  • Poor password policy
  • No split accounts for Domain Admins
  • Poor patching on systems

Null Session Authentication

By default, null sessions (unauthenticated) are enabled on Windows 2000 & 2003 servers. Therefore anyone can use these NULL connections to enumerate potentially sensitive information from the servers; read this as information from your Active Directory.

Therefore anyone with a legacy domain which has been upgraded through the years will find that Null Session Authentication is enabled on their environment.
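
As a defender-side check for several of the findings listed above, this added example (not code from the original post) parses `reg query` output for the registry values that govern anonymous access, NTLMv1, SMB signing and LLMNR, and flags each one as ok, weak or unset. The baseline thresholds, the function names and the sample output are assumptions of this example.

```python
import re

# Assumed hardening baseline for findings in the post's list. Keys are
# (registry key suffix, value name), lower-cased: registry names are
# case-insensitive. Each entry maps to (finding, test for a hardened value).
BASELINE = {
    (r"control\lsa", "restrictanonymous"): ("Null session", lambda v: v >= 1),
    (r"control\lsa", "restrictanonymoussam"): ("Null session", lambda v: v == 1),
    (r"control\lsa", "everyoneincludesanonymous"): ("Null session", lambda v: v == 0),
    (r"lanmanserver\parameters", "restrictnullsessaccess"): ("Null session", lambda v: v == 1),
    (r"control\lsa", "lmcompatibilitylevel"): ("NTLMv1", lambda v: v == 5),
    (r"lanmanserver\parameters", "requiresecuritysignature"): ("SMB signing", lambda v: v == 1),
    (r"windows nt\dnsclient", "enablemulticast"): ("LLMNR", lambda v: v == 0),
}
VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {(full key, value name): int} from `reg query` output."""
    values, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()
        elif key and (m := VALUE_RE.match(line)):
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return sorted (finding, value name, status) for every baseline entry."""
    values = parse_reg_query(text)
    report = []
    for (suffix, name), (finding, is_hardened) in BASELINE.items():
        found = [v for (k, n), v in values.items() if k.endswith(suffix) and n == name]
        # "unset" means the OS default applies, which differs between Windows versions.
        status = "unset" if not found else "ok" if is_hardened(found[0]) else "weak"
        report.append((finding, name, status))
    return sorted(report)

# Constructed sample output, not taken from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous    REG_DWORD    0x0
    restrictanonymoussam    REG_DWORD    0x1
    everyoneincludesanonymous    REG_DWORD    0x0
    LmCompatibilityLevel    REG_DWORD    0x2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    restrictnullsessaccess    REG_DWORD    0x1
    RequireSecuritySignature    REG_DWORD    0x0
"""
if __name__ == "__main__":
    for finding, name, status in audit(SAMPLE):
        print(f"{status:5}  {finding:12}  {name}")
```

The LLMNR entry reads the policy value only, so a host where the policy was never applied reports it as unset rather than weak.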

Seeing it in action

Interview – Ian Sanderson talks community and career growth

The last interview I wrote up was back in 2017, although I’ve made efforts to kick off a continuation of this series, I stalled. I recently went over some of the past interviews and it’s amazing how in 18 months or so, people’s careers and focuses have changed, never mind the IT industry.

So kicking off the first interview of 2019, I reached out to my friend Ian Sanderson. Ian has 15 years of IT experience under his belt, taking the usual route into the IT industry, “I cut my teeth in the virtualisation world with Hyper-V in 2008, but my focus has been VMware since 2010”, he tells me as we kick off discussing “Ian in his own words.”

Ian and myself became friends and comrades with similar interests due to our activity in the IT community, interactions on twitter soon turned into bumping into one another at events, and catching up over coffee, and late night drinks at vendor community programs.

I ask Ian to define what the IT community means to him, “Community to me is like having an extended family of people who you can bounce ideas off, or call upon for help with other things” he says, “It is not a one way street though. I try my best to give back to people in any way I can help out. It’s really about comradery & helping each other achieve their end goals.”

“The wealth of collective knowledge in the vCommunity honestly amazes me. There is always someone, somewhere who has the solution to a problem you may have.”

So where did it all start for Ian? “My first real interactions with the community kicked off when I became a Veeam Vanguard in 2016. Prior to that I had the odd interaction on twitter and an outdated blog but nothing really significant. Being virtually air dropped into a group of like-minded people who love Veeam really sparked my passion for getting more involved in community events.”

I’m not shocked to find this answer pretty much echoes similar answers to others in the IT community. Small steps into Twitter; invites to Slack groups; and a sense of needing to give back to the community we have all taken so much from. (We’ve all googled for an answer, and ended up at someone’s personal blog post, finding they have fixed the same issue).

Career progression

It’s no secret that a lot of ambitious IT folk have gone on to do very well in their respective areas boosted by their work/activity in the IT community. There’s no secret group or handshakes, just purely hard work, a love of technology, and mostly a friendly atmosphere, as Ian equates earlier “It’s really about comradery and helping each other achieve their end goals.”

Virtually Speaking Podcast – Guest appearance – Ep 109 – Fire, Flood, Blood

I’m delighted to be a guest on the Virtually Speaking podcast, in their latest episode release “Fire, Flood, Blood”. I’m lucky enough to have met the hosts of Virtually Speaking podcast in person. John Nicolson and Pete Fletcher are both great guys and incredibly knowledgeable. Whilst we all attended a Veeam Vanguard Summit in Prague, they took an audio recording of myself for the latest podcast.

You can find the full webpage and run through here, and audio below.

  • https://blogs.vmware.com/virtualblocks/2019/03/15/vspeaking-podcast-episode-109-fire-flood-blood/

Regards

Dean


Yet another “I’ve got a new job” blog post

So I think I saw someone say on Twitter it’s silly season as we enter the winter period with people announcing they are moving jobs etc. And given the number of tweets about new jobs and blog posts, I think they are correct.

Well I won’t drag this out.

I’m joining VMware as a Technical Account Manager in December working across the UK. Over the past few years my focus or rather enjoyment of my roles, has been around the customer and building strategies with them. So this role fits in nicely especially for a company whose products I’ve tried my best to specialise in for the past few years.

Thanks to all those who have helped me in my journey or simply just said “don’t worry, you’ll smash the interview”.

Onwards and upwards.

Regards

Dean


This blog has been rebranded

Hi All,

So after owning the vEducate.co.uk domain for a while, I’ve finally got around to re-branding the blog and even produced a basic logo.

I’ll retain educationalcentre.co.uk and redirect to the new domain, so that anyone who crops up on my older links can still find me!

I will probably write up a post soon detailing the process of changing the domain name and what broke 😀 Thanks to those who helped me get it up and running yesterday.

Regards

Dean