Hackers don’t break in, they log in. This has never been more true – as the demand for data increases, more files than ever are being stored across the enterprise. Local files, file shares, cloud backups, and more are filling up with precious data. With that comes increased risk that the stored data contains sensitive information that attackers are keen to get their hands on. The following real-world examples from NodeZero users highlight the risks associated with storing sensitive data, and the need for a scalable way to analyze large amounts of data for secrets.

Domain User to Domain Admin

During an internal pentest, NodeZero compromised a domain user via a password spraying attack. Domain users often have access to a wide range of SMB shares, where tight access controls are often lacking. Due to this data sprawl, the compromised user had access to an SMB share with a “web.config” file. Web.config files are often used in ASP.NET applications, and can contain plaintext credentials. Unfortunately, this application was configured to use domain admin credentials, so the exposed file compromised the entire environment. The full attack path is shown below:

Domain User to PCI/PII Data Compromise

Compromising an environment isn’t the only […]
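The web.config exposure in the Domain User to Domain Admin example can be audited for from the defender's side. The Python below is an added example, not code from the original article or from NodeZero; the sample file, account names, passwords and the function name `audit_web_config` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample web.config; hosts, accounts and passwords are made up.
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="Main" connectionString="Server=db01;Database=app;User Id=EXAMPLE\\svc_admin;Password=Constructed-Pass-1;" />
    <add name="Reports" connectionString="Server=db02;Database=rpt;Integrated Security=SSPI;" />
  </connectionStrings>
  <appSettings>
    <add key="SmtpPassword" value="Constructed-Pass-2" />
    <add key="PageSize" value="50" />
  </appSettings>
  <system.web>
    <identity impersonate="true" userName="EXAMPLE\\svc_web" password="Constructed-Pass-3" />
  </system.web>
</configuration>"""

CONN_PASSWORD = re.compile(r"(?:^|;)\s*(?:password|pwd)\s*=\s*[^;]+", re.I)
SECRET_KEY = re.compile(r"passw|pwd|secret|token|api_?key", re.I)

def audit_web_config(xml_text):
    """Return (location, issue) pairs. Secret values are never returned,
    so the report itself does not become another place secrets are stored."""
    # ElementTree does not harden against malicious XML; use a hardened
    # parser if the shares being audited hold untrusted files.
    root = ET.fromstring(xml_text)
    findings = []
    # {*} matches any XML namespace (Python 3.8+), since some files declare one.
    for add in root.iterfind("./{*}connectionStrings/{*}add"):
        if CONN_PASSWORD.search(add.get("connectionString", "")):
            findings.append((f"connectionStrings/{add.get('name')}",
                             "plaintext password in connection string"))
    for add in root.iterfind("./{*}appSettings/{*}add"):
        if SECRET_KEY.search(add.get("key", "")) and add.get("value"):
            findings.append((f"appSettings/{add.get('key')}",
                             "secret-like key with plaintext value"))
    for ident in root.iterfind(".//{*}identity"):
        if ident.get("password"):
            findings.append(("system.web/identity",
                             f"stored password for {ident.get('userName')}"))
    return findings

if __name__ == "__main__":
    for location, issue in audit_web_config(SAMPLE_WEB_CONFIG):
        print(f"{location}: {issue}")
```

The `Reports` entry is not flagged because it uses integrated authentication rather than an embedded password.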