
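As Remote Desktop Protocol (RDP) and virtual private network (VPN) use has grown, hacking activity has kept increasing, and companies need to regularly update remote access software and every system that can be used to access company data.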

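According to the Verizon 2021 Data Breach Investigations Report, "Organizations that neglected to implement multi-factor authentication, along with virtual private networks, accounted for a large share of the victims targeted during the pandemic," as more people were doing remote work that requires remote desktop connections and VPNs.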

Network Security Solutions Through Adversarial Attack Simulation

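A key feature of RedTeam Security's Advanced Adversary Simulation is the luxury of time. Just as a real adversary will spend weeks, if not months, blending into a company's network, our team uses a combination of attack vectors to conceal their identity. They execute carefully thought-out tactics, working slowly and purposefully toward their objective.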

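For example, if RedTeam tests a hybrid network environment, they will first obtain a foothold in the target environment. From there, they use various persistence mechanisms to maintain that foothold. The team evaluates their current position against the target. They begin taking steps to escalate their presence and move toward the target using VPN tunnels. All activity during this phase is kept to an absolute minimum, because excess activity could be noticed and jeopardize the entire operation. Once in the cloud, they assess their progress and decide how best to gain the next level of access to unauthorized data. Using additional in-house developed tools to ensure they don't lose any forward progress, they search out data for exfiltration.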

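The example above uses a variety of attack vectors, and the team may need days or even weeks to reach their objective. It is a relevant example because remote access systems and VPNs remain common entry points for attackers. Hackers can easily guess the default logins for RDP passwords or use brute-force attacks to gain control. In addition, because RDP and VPNs are always up and running and need to be patched manually, keeping them up to date is a challenge for many companies, making them easy targets.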

In fact, advanced adversarial attacks have become so common that the Verizon 2021 Data Breach Investigations Report introduced a new incident classification pattern, "System Intrusion," which includes patterns that involve multiple steps. In this classification, it shows "over 70% of cases involved malware, and over 40% involved hacking." In both groups, once a malicious actor extracts or encrypts a company's data, they can sell it, threaten to release it publicly, or destroy it if a ransom is not paid. Even if the ransom is paid, the attacker may still do any or all of the above.

Protect Your Company's Network

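To protect a company's network, it has become critical to understand which tools and techniques are most relevant to defending against real attacks. Using Advanced Adversary Simulation to test your company's controls against attacks that mirror what is actually happening is the best defense against an unauthorized presence on your company's network.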

Advanced Adversary Simulation Reports

Advanced Adversary Simulation reports provide evidence, gathered through screenshots and a detailed narrative, of:

  • The Plan of Attack and results
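  • Any events, timelines, information, and thought processes that show significant events and prompted changes to the Plan of Attack
  • A list of tactics, techniques, and procedures (TTPs) mapped to the ATT&CK framework, which yields the highest-resolution indicators of compromise (IOCs)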
  • Security strengths displayed by the target
  • Vulnerability remediation recommendations based on best practices

Q: Why would an organization want to do cloud infrastructure?

Brian: Cloud infrastructure is really a way to be more agile, more nimble. It gives companies more flexibility and more opportunity to stay competitive in different markets.

Q: What process would you use to penetrate a cloud environment?

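Brian: For cloud pen testing, that's an interesting question, because there are a few different ways to gain access. It also depends on the cloud service you're using and the authentication mechanisms, or the different ways that cloud service communicates with you. So we design the attack based on the services you use.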

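There are different tool suites based on different services. If you're on AWS, there's a whole suite of attacker tools. If you're using Google or GCP, there's a different suite of attack tools. We have different tool suites because you need to speak the underlying protocols required to talk to these different cloud services, enumerate them, and try to attack them.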

Q: Do the bad guys prefer attacking on-premises environments or cloud environments?

Brian: So, as an attacker, I'm not sure what the difference between on-prem and cloud really is, and it's one of those things that, well, why are we seeing more cloud attacks, and why are we still seeing the continued on-premise attacks?

And it reminds me there is a quote from a bank robber years ago. I think Willie Sutton said when he was asked why you rob banks, he said, well, that's because that's where all the money is. So why are attackers going after the cloud? Well, that's where you're putting all your valuable data. So, if you're going to put all your valuable data in the cloud, you'd better make sure you're also investing heavily in some sort of cloud security in addition to on-prem security, because oftentimes, if we can get on-prem, we've seen occasions where there are VPN tunnels to the cloud assets. So we can just ride that VPN tunnel, and you know, that's where all the money is.

Dedicated Client Portal

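Interact with your RedTeam Security professionals in real time on our user-friendly client portal, and see firsthand as the team closes in on your company's data.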

Certified Security Experts

Our trusted security professionals hold certifications from leading industry organizations, including OSCP, CASS, CPT, CISSP, and more.

Research-Focused Approach

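We hold industry-leading certifications and spend part of every day researching the latest exploitation techniques to ensure our clients stay protected from constantly evolving online attacks.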

Free Remediation Testing

Once your team addresses remediation recommendations, RedTeam will schedule your retest at no additional charge.