[Backdated Post] | Date of finding: 28/10/2019 | Actual date of publication: 25/10/2020
In this post I talk about a vulnerability assessment I conducted for a non-profit organization dear to my heart.
This assessment started up rather informally, but after checking in with some preliminary findings [1] and receiving a positive response I got serious and continued on for 2 more weeks.
I ended up creating a 22-page long report with 12 high-severity findings, 16 medium ones and 15 low-severity findings, after which I was invited to their office to talk the document through. I had been thinking about creating an ‘Executive Summary’ but had some initial trouble getting started (condensing the report down) and eventually didn’t find the time to complete it, to my regret. Such a document would have saved us a lot of time and effort during our conversation.
→ Always boil your full report down to something very simple and manageable to more easily bring your message (and findings) across.
Most of the findings were remediated by replacing the platforms responsible (most of which were old and due for replacement anyway). They made sure the replacements didn’t suffer from (most of) the same security ailments as the original platforms. One other critical finding that caught their attention was checked out immediately.
This has been a very fun and interesting experience (getting intimate with a network and its systems really is its own reward!) and I’ve really learned a lot! I also realised, especially now in retrospect, how little I knew about the practicalities of attacking and reporting. Luckily I’ve had TryHackMe to improve that situation somewhat.
I would recommend anyone interested in penetration testing to ask a local non-profit for permission to conduct a vulnerability assessment [2] on their infrastructure, app, website, … You’ll be able to learn a lot and they’ll be able to improve their security, everybody wins! If you don’t know where to start, look it up! Just make sure you’re very careful and always err on the safe side with every step you take. You want to limit both the risks you take and the amount of artefacts you leave behind. Be careful with automated vulnerability testing tools you don’t understand or haven’t used before: some of those tools verify their vulnerabilities by exploitation, meaning there’s now some rather cringeworthy image proclaiming that the target server has been tested by <insert 1337 hacker name here>.