Welcome to another Threat Week update, today we are going to look at some of the active threats in the wild and in the news.
Common attack vectors are still the usual suspects: phishing, drive-by infections and insecure internet-exposed services (e.g. FTP, RDP, SSH and web services). We’ve seen phishing campaigns that abuse legitimate services such as Zoho CRM, so the messages are sent from that service’s mail domain and slip past mail filters; once again, good user education plus technical controls are the best defence against these attacks.
Xservus runs a vulnerable lab which hosts honeypots and web services and is used to detect threats. The following graph (not reproduced in this excerpt) shows the external threats the lab detected. Read more “July Threat Update”
Securing services requires broad knowledge of operating systems, networking, protocols and offensive capabilities. So I thought I would demonstrate some testing methods that show how a control is effective at blocking a particular type of attack; here is some offensive and defensive guidance to limit RDP attacks. Please remember this is for educational purposes: do NOT break the law, and only use these techniques where you have permission! #whitehat
This document provides a sample internal (white-box) testing process and procedure for testing RDP controls against brute-force attacks:
- Demonstrate only authorised users can access the service
- Demonstrate Remote Desktop Services has a hardened configuration
- Demonstrate a brute force attack
- Scope Evaluation
- Vulnerability Assessment
- Report Results
Read more “Hail Hydra – RDP brute forcing with HYDRA”
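As an added example (not code from the Xservus post), the shell script below ties the testing steps above together: it builds the hydra command used to drive the brute-force attack, then checks a Security log export for the two things a hardened RDP configuration should produce, failed RDP logons (event 4625) counted per source IP and an account lockout (event 4740) once the lockout threshold is reached. The target address 192.0.2.10, the wordlist names, the lockout threshold of 5, the CSV export format and the log lines themselves are all assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not the post's own code. Assumptions: lab host 192.0.2.10
# (documentation range, not a real target), wordlists users.txt/passwords.txt,
# an account lockout threshold of 5, and Security log events exported as CSV
# "timestamp,event_id,logon_type,account,source_ip". The export format and the
# sample lines are constructed for this example.

TARGET="${TARGET:-192.0.2.10}"
LOCKOUT_THRESHOLD="${LOCKOUT_THRESHOLD:-5}"

# --- Offensive side: the hydra invocation used to exercise the control ---
# hydra's rdp module takes user/password lists with -L/-P; -t 4 keeps the
# parallelism low because RDP servers drop connections under load, -f stops at
# the first valid pair and -V prints every attempt so the run can be correlated
# with the target's event log.
hydra_cmd() {
    users="$1"; passwords="$2"; host="$3"
    printf 'hydra -L %s -P %s -t 4 -f -V rdp://%s\n' "$users" "$passwords" "$host"
}

# --- Defensive side: constructed Security log export ---
# 4625 = failed logon; logon type 10 = RemoteInteractive (RDP), logon type 3 =
# Network (what a failed RDP attempt looks like when NLA is enabled, because
# CredSSP rejects the credentials before a desktop session starts).
# 4740 = account locked out. 4624 = successful logon (ignored by the counter).
SAMPLE_EVENTS='2024-07-01T10:00:01,4625,10,administrator,203.0.113.7
2024-07-01T10:00:02,4625,10,administrator,203.0.113.7
2024-07-01T10:00:03,4625,10,administrator,203.0.113.7
2024-07-01T10:00:04,4625,10,administrator,203.0.113.7
2024-07-01T10:00:05,4625,10,administrator,203.0.113.7
2024-07-01T10:00:05,4740,-,administrator,203.0.113.7
2024-07-01T10:00:06,4625,10,administrator,203.0.113.7
2024-07-01T10:01:10,4625,10,jsmith,198.51.100.4
2024-07-01T10:01:12,4625,3,jsmith,198.51.100.4
2024-07-01T10:02:00,4624,10,jsmith,198.51.100.4'

# Count failed RDP logons (4625 with logon type 10 or 3) per source IP.
# Prints one "ip count" line per source.
failed_rdp_logons_by_source() {
    printf '%s\n' "$1" | awk -F, '
        $2 == "4625" && ($3 == "10" || $3 == "3") { n[$5]++ }
        END { for (ip in n) print ip, n[ip] }'
}

# Sources at or above the lockout threshold: the attackers the policy must
# have stopped. Prints one IP per line.
sources_over_threshold() {
    failed_rdp_logons_by_source "$1" | awk -v t="$2" '$2 >= t { print $1 }'
}

# Did the lockout control fire for the account? Exit 0 if a 4740 exists.
lockout_fired_for() {
    printf '%s\n' "$1" | awk -F, -v acct="$2" '
        $2 == "4740" && $4 == acct { found = 1 }
        END { exit found ? 0 : 1 }'
}

main() {
    echo "Step 1: brute force the lab host (only with written authorisation):"
    hydra_cmd users.txt passwords.txt "$TARGET"
    echo "Step 2: sources that reached the lockout threshold ($LOCKOUT_THRESHOLD):"
    sources_over_threshold "$SAMPLE_EVENTS" "$LOCKOUT_THRESHOLD"
    if lockout_fired_for "$SAMPLE_EVENTS" administrator; then
        echo "PASS: account lockout (4740) fired for administrator"
    else
        echo "FAIL: threshold reached but no 4740 event; lockout policy is not enforced"
    fi
}
main
```

Run it from the Linux test box that has hydra installed, replacing SAMPLE_EVENTS with the real CSV export from the target. A source that exceeds the threshold without a matching 4740 event means the "hardened configuration" claim from the procedure does not hold, and that finding belongs in the report before anything else.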