How can attackers access your MFA-protected company mailboxes? How can they move from one machine to another in your infrastructure? Which attack vectors were still feasible in 2020? This article is written from a Red Team perspective. Its goal is to summarize some of the weaknesses that are still being overlooked or insufficiently mitigated, and whose exploitation can have serious consequences.
This article is written from the perspective of white hat hackers. Its goal is to point out what can still be easily exploited in 2021, based on our experiences from last year. It describes a different set of attack vectors than the ones our colleagues from the LIFARS DFIR department have commonly seen abused during their recent engagements. That is understandable: the security posture of companies that are willing to engage penetration testers or red teamers is probably somewhat better than the security posture of many companies seeking reactive DFIR services.
In this article, we describe the most successful attack vectors that repeatedly worked for us (the LIFARS Offensive Security Department) in 2020 infrastructure penetration tests and red team engagements. Spear phishing attacks are deliberately omitted from this summary. So, what was it?