Some of the efficient methods for info know-how (IT) professionals to uncover an organization’s weaknesses earlier than the unhealthy guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, typically known as pentests, supplies invaluable insights into a corporation’s safety posture, revealing weaknesses that would doubtlessly result in knowledge breaches or different safety incidents.
Vonahi Safety, the creators of vPenTest, an automatic community penetration testing platform, simply launched their annual report, “The High 10 Important Pentest Findings 2024.” On this report, Vonahi Safety performed over 10,000 automated community pentests, uncovering the highest 10 inside community pentest findings at over 1,200 organizations.
Let’s dive into every of those vital findings to higher perceive the frequent exploitable vulnerabilities organizations face and the best way to handle them successfully.
High 10 Pentest Findings & Suggestions
1. Multicast DNS (MDNS) Spoofing
Multicast DNS (mDNS) is a protocol utilized in small networks to resolve DNS names with out a native DNS server. It sends queries to the native subnet, permitting any system to reply with the requested IP handle. This may be exploited by attackers who can reply with the IP handle of their very own system.
Suggestions:
The simplest methodology for stopping exploitation is to disable mDNS altogether if it isn’t getting used. Relying on the implementation, this may be achieved by disabling the Apple Bonjour or avahi-daemon service
2. NetBIOS Identify Service (NBNS) Spoofing
NetBIOS Identify Service (NBNS) is a protocol utilized in inside networks to resolve DNS names when a DNS server is unavailable. It broadcasts queries throughout the community, and any system can reply with the requested IP handle. This may be exploited by attackers who can reply with their very own system’s IP handle.
Suggestions:
The next are some methods for stopping using NBNS in a Home windows surroundings or lowering the affect of NBNS Spoofing assaults:
- Configure the UseDnsOnlyForNameResolutions registry key to be able to stop techniques from utilizing NBNS queries (NetBIOS over TCP/IP Configuration Parameters). Set the registry DWORD to
- Disable the NetBIOS service for all Home windows hosts within the inside community. This may be completed through DHCP choices, community adapter settings, or a registry key
3. Hyperlink-local Multicast Identify Decision (LLMNR) Spoofing
Hyperlink-Native Multicast Identify Decision (LLMNR) is a protocol utilized in inside networks to resolve DNS names when a DNS server is unavailable. It broadcasts queries throughout the community, permitting any system to reply with the requested IP handle. This may be exploited by attackers who can reply with their very own system’s IP handle.
Suggestions:
The simplest methodology for stopping exploitation is to configure the Multicast Identify Decision registry key to be able to stop techniques from utilizing LLMNR queries.
- Utilizing Group Coverage: Pc ConfigurationAdministrative TemplatesNetworkDNS Shopper Flip off Multicast Identify Decision = Enabled (To manage a Home windows 2003 DC, use the Distant Server Administration Instruments for Home windows 7)
- Utilizing the Registry for Home windows Vista/7/10 House Version solely: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoft Home windows NTDNSClient EnableMulticast
4. IPV6 DNS Spoofing
IPv6 DNS spoofing happens when a rogue DHCPv6 server is deployed on a community. Since Home windows techniques favor IPv6 over IPv4, IPv6-enabled purchasers will use the DHCPv6 server if obtainable. Throughout an assault, an IPv6 DNS server is assigned to those purchasers, whereas they maintain their IPv4 configurations. This permits the attacker to intercept DNS requests by reconfiguring purchasers to make use of the attacker’s system because the DNS server.
Suggestions:
Disable IPv6 until it’s required for enterprise operations. As disabling IPv6 might doubtlessly trigger an interruption in community companies, it’s strongly suggested to check this configuration previous to mass deployment. An alternate resolution can be to implement DHCPv6 guard on community switches. Primarily, DHCPv6 guard ensures that solely a certified checklist of DHCP servers are allowed to assign leases to purchasers
5. Outdated Microsoft Home windows Methods
An outdated Microsoft Home windows system is weak to assaults because it not receives safety updates. This makes it a simple goal for attackers, who can exploit its weaknesses and doubtlessly pivot to different techniques and assets within the community.
Suggestions:
Exchange outdated variations of Microsoft Home windows with working techniques which might be up-to-date and supported by the producer.
6. IPMI Authentication Bypass
Clever Platform Administration Interface (IPMI) permits directors to handle servers centrally. Nevertheless, some servers have vulnerabilities that permit attackers bypass authentication and extract password hashes. If the password is default or weak, attackers can receive the cleartext password and acquire distant entry.
Suggestions:
Since there is no such thing as a patch obtainable for this specific vulnerability, it is suggested to carry out a number of of the next actions.
- Prohibit IPMI entry to a restricted variety of techniques – techniques which require entry for administration functions.
- Disable the IPMI service if it isn’t required for enterprise operations.
- Change the default administrator password to at least one that’s sturdy and sophisticated.
- Solely use safe protocols, corresponding to HTTPS and SSH, on the service to restrict the probabilities of an attacker from efficiently acquiring this password in a man-in-the-middle assault.
7. Microsoft Home windows RCE (BlueKeep)
Methods weak to CVE-2019-0708 (BlueKeep) had been recognized throughout testing. This Microsoft Home windows vulnerability is extremely exploitable as a result of obtainable instruments and code, permitting attackers to realize full management over affected techniques.
Suggestions:
It is suggested to use safety updates on the affected system. Moreover, the group ought to consider its patch administration program to find out the rationale for the dearth of safety updates. As this vulnerability is a generally exploited vulnerability and will lead to important entry, it needs to be remediated instantly.
8. Native Administrator Password Reuse
In the course of the inside penetration check, many techniques had been discovered to share the identical native administrator password. Compromising one native administrator account offered entry to a number of techniques, considerably rising the danger of a widespread compromise inside the group.
Suggestions:
Use an answer corresponding to Microsoft Native Administrator Password Answer (LDAPS) to make sure that the native administrator password throughout a number of techniques will not be constant.
9. Microsoft Home windows RCE (EternalBlue)
Methods weak to MS17-010 (EternalBlue) had been recognized throughout testing. This Home windows vulnerability is extremely exploitable as a result of obtainable instruments and code, permitting attackers to realize full management over affected techniques.
Suggestions:
It is suggested to use safety updates on the affected system. Moreover, the group ought to consider its patch administration program to find out the rationale for the dearth of safety updates. As this vulnerability is a generally exploited vulnerability and will lead to important entry, it needs to be remediated instantly.
10. Dell EMC IDRAC 7/8 CGI Injection (CVE-2018-1207)
Dell EMC iDRAC7/iDRAC8 variations previous to 2.52.52.52 are weak to CVE-2018-1207, a command injection subject. This permits unauthenticated attackers to execute instructions with root privileges, giving them full management over the iDRAC system.
Suggestions:
Improve the firmware to the newest doable model.
Widespread Causes of Important Pentest Findings
Whereas every of those findings emerged from a special exploit, there are some issues that a lot of them have in frequent. The foundation causes of most of the prime vital pentest findings continues to be configuration weaknesses and patching deficiencies.
Configuration weaknesses
Configuration weaknesses are sometimes as a result of improperly hardened companies inside techniques deployed by directors, and include points corresponding to weak/default credentials, unnecessarily uncovered companies or extreme consumer permissions. Though a few of the configuration weaknesses could also be exploitable in restricted circumstances, the potential affect of a profitable assault might be comparatively excessive.
Patching deficiencies
Patching deficiencies nonetheless show to be a serious subject for organizations and are sometimes as a result of causes corresponding to compatibility and, oftentimes, configuration points inside the patch administration resolution.
These two main points alone show the necessity for frequent penetration testing. Whereas once-a-year testing has been the standard strategy for penetration testing, ongoing testing supplies a big quantity of worth in figuring out important gaps nearer to real-time context of how safety dangers can result in important compromises. For instance, Tenable’s Nessus scanner may establish LLMNR however solely as informational. Quarterly or month-to-month community penetration testing with Vonahi’s vPenTest not solely highlights these points but in addition explains their potential affect.
What’s vPenTest?
vPenTest is a number one, absolutely automated community penetration testing platform that proactively helps cut back safety dangers and breaches throughout a corporation’s IT surroundings. It removes the hassles of discovering a professional community penetration tester and supplies high quality deliverables that talk what vulnerabilities had been recognized, what threat they current to the group together with the best way to remediate these vulnerabilities from a technical and strategic standpoint. Better of all, it may well assist bolster the group’s compliance administration capabilities.
vPenTest: Key Options & Advantages
- Complete Assessments: Run each inside and exterior assessments to totally look at all potential entry factors in your community.
- Actual-World Simulation: Simulate real-world cyber threats to realize useful insights into your safety posture.
- Well timed and Actionable Reporting: Obtain detailed, easy-to-understand reviews with vulnerabilities, their impacts, and beneficial actions.
- Ongoing Testing: Set month-to-month testing intervals to make sure proactive and responsive safety measures.
- Environment friendly Incident Response: Establish vulnerabilities early to arrange for potential safety incidents successfully.
- Compliance Alignment: Meet regulatory compliance necessities corresponding to SOC2, PCI DSS, HIPAA, ISO 27001, and cyber insurance coverage necessities.
Get a free trial at the moment and see how simple it’s to make use of vPenTest to proactively establish your dangers to cyberattacks in real-time.
