Singing the Blues:
Taking Down an Insider Threat
"I had all of the advantages. I was already inside the network. No one suspected me. But they found my hack, kicked me off the network...
...and physically hunted me down."
Many pentests start from the outside, wanting to see how the perimeter might be breached.
This pentest started from the inside. My client wanted to assume they had already been breached, and, if breached, how far could an attacker go.
Could they stop me once I was inside?
So they snuck me in. Disguised me as a new employee. Gave me a work computer, an ID badge, an account in their system... hell, I even had a cubicle w/my assumed name on it.
The only person who knew who I really was was their CISO. Everyone else thought I was Jeremy in Marketing.
During most of the first morning, I completed onboarding, made introductions, and completed menial tasks.
But I had to act quick. I only had a week onsite. I had to hack their network while not raising suspicion.
So I set about it.
You have to understand... most "Internal Pentests" are straight forward. The hard part is breaching the network, but once you're inside, it's a target rich environment. End of Life computers, default passwords, everyone a Local Administrator...