Winter Is Here. All Your Domains Are Belong to Me!!!

By Stephen Kofi Asamoah

August 12, 2019

After executing security assessments (e.g. Penetration Testing, Red Teaming, etc.), I make it a habit to debrief my client’s senior management on the work done and my report. This creates an opportunity to discuss stuff such as the attack Tactics, Techniques and Procedures (TTPs) used, attack vectors used, findings, recommendations, remediation efforts, etc. More often than not, I get surprised looks from the leadership teams about some of the ways I got my initial foothold on the network or some of the tactics I used. Most of them expect some Tom Cruise Mission Impossible-style hacking, bypassing firewalls, etc., only to find out how effortless it was for me to compromise their networks.

So, I usually take the time with my clients to shed some light on how modern-day attacks are usually carried out and how a small loophole as simple as one weak user credential can topple the entire network defense. The truth is, cyber-attacks are more about efficiency and not necessarily elegance. Thus, adversaries don’t look for the hardest ways to break in. They mostly look for the easiest ways to get in. We popularly term this approach the path of least resistance and one of these paths is login credentials. All it takes is just one set of user credentials and your entire network could fall to an adversary.

This write-up walks us through one of my many journeys in my external attack....

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023