After executing security assessments (e.g. Penetration Testing, Red Teaming, etc.), I make it a habit to debrief my client’s senior management on the work done and my report. This creates an opportunity to discuss stuff such as the attack Tactics, Techniques and Procedures (TTPs) used, attack vectors used, findings, recommendations, remediation efforts, etc. More often than not, I get surprised looks from the leadership teams about some of the ways I got my initial foothold on the network or some of the tactics I used. Most of them expect some Tom Cruise Mission Impossible-style hacking, bypassing firewalls, etc., only to find out how effortless it was for me to compromise their networks. So, I usually take the time with my clients to shed some light on how modern-day attacks are usually carried out and how a small loophole as simple as one weak user credential can topple....