

This is a story from one of our more recent Red Team engagements and what we did after gaining access to the target client's environment. We breached the client's perimeter through a fairly uncommon application server; however, because of the risk that initial foothold posed, our client correctly chose to close that access once we had demonstrated lateral movement capability. Having lost our foothold, we identified a new opportunity and gained access via their Citrix deployment. The full story of the team's accomplishment is best left for another blog post; today we'll discuss what we did after gaining access to the client's Private Cloud provisioning software.

Sometimes on engagements you don't have the exact tools you'd like immediately available. This happens occasionally during our Red Team engagements, where it would be great to simply have nmap or Metasploit deployed somewhere inside the client's environment. When we perform Internal Pentest engagements we'll sometimes ship a phone-home device instead of sending a consultant. Occasionally clients aren't comfortable with a potentially rogue device on their network, so we may build out a VM or a Kali container for them to deploy on their Private Cloud.

But let's say you're performing a Red Team engagement and you've gained access to your target's Cloud Provisioning tools. You can certainly build a Virtual Machine for yourself and then install nmap and/or Metasploit. If you were to do this without the Penetration Tester's Framework (PTF), you might not have a fun time. Additionally, if your target has robust network monitoring in place, you'll want to consider carefully which repositories you're pulling packages and source code from: every download from inside the target is an outbound connection the defenders can see, and a new host fetching from a pentest tool repository is an easy thing to alert on.
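As an added example of the repository caveat above (this is not code from the original post), here is a small POSIX shell check you can run against an image before letting it pull packages from inside a monitored target: it lists every host an apt sources file would contact and flags any that are not on an allowlist. The sources lines, hostnames and the allowlist are constructed for illustration and are not from the engagement.

```shell
#!/bin/sh
# Added example, not from the original post: enumerate the repository hosts an
# apt sources file would reach and flag any outside an allowlist, so you know
# what outbound traffic a tool install will generate before it happens.

# Repository hosts the image is allowed to contact (hypothetical allowlist).
ALLOWED_HOSTS="deb.debian.org security.debian.org"

# Read apt source lines on stdin and print each referenced hostname once.
# Handles "deb http://host/path ..." and "deb [options] https://host/path ...";
# comments and non-deb lines are ignored.
repo_hosts() {
    grep -E '^[[:space:]]*deb(-src)?[[:space:]]' \
    | sed -E 's/^[[:space:]]*deb(-src)?[[:space:]]+(\[[^]]*\][[:space:]]+)?//' \
    | awk '{print $1}' \
    | sed -E 's#^[a-z]+://##; s#/.*$##; s#^[^@]*@##; s#:[0-9]+$##' \
    | sort -u
}

# Print "UNAPPROVED: host" for each host not in ALLOWED_HOSTS.
# Returns 0 when every host is approved, 1 otherwise.
flag_unapproved() {
    rc=0
    for h in $(repo_hosts); do
        case " $ALLOWED_HOSTS " in
            *" $h "*) ;;
            *) echo "UNAPPROVED: $h"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample sources.list content (hostnames are hypothetical).
SAMPLE='deb http://deb.debian.org/debian bookworm main
deb [arch=amd64 signed-by=/usr/share/keyrings/x.gpg] https://security.debian.org/debian-security bookworm-security main
deb-src http://deb.debian.org/debian bookworm main
# deb http://commented.example.net/debian bookworm main
deb https://mirror.example.org/kali kali-rolling main'

if printf '%s\n' "$SAMPLE" | flag_unapproved; then
    echo "all repository hosts approved"
else
    echo "review the hosts above before building inside the target"
fi
```

Pipe the real file in instead of the sample (`cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list | flag_unapproved`) and extend the same idea to pip, gem, or git remotes; the point is to know the full list of hosts before the first packet leaves the box.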
