General discussion of ethical hacking concepts, experiences, ideas and certs.
hayabusa wrote:Another one I've seen quite frequently, lately, is WSDL issues
- information disclosure, up to and including full LDAP administrative credentials and passwords from a WSDL request that wasn't made unavailable to 'joe average user'
cd1zz wrote:What AJ said but in addition:
- Sync'd local admin pws
- Lots of LM hashing in use
- Tons of exposed 445 on EVERYTHING which makes PTH and psexec possible
cd1zz wrote:That's a cool idea and I think that would work well with what I usually recommend.... which is to implement GPO based FWs and block 445 inbound, except from a jump box or from a small subnet of IPs.
I know 445 can also be used for installing software remotely, but again, that could be accomplished by only allowing inbound 445 from a subset of the network/jump box.
cd1zz wrote:I was recently at a client that implemented something really cool called CyberArk, ever heard of it? It changes the local admin passwords to crazy random passwords, every hour! It keeps track of all of them and allows SSO through the CyberArk. Bad ass!
Users browsing this forum: No registered users and 0 guests