In all of my engagements, successful exploitation (defined as gaining access to sensitive data) has come down to the Four Ps: Patching, Permissions, People, and Physical.
Every. Single. Engagement.
I’m going to prefix what comes next by acknowledging I couldn’t possibly cover everything without this article becoming unreadable. What I would like to inspire is for you to interact and comment below. Add value to my article by including some vectors you’ve experienced. It may just help others, which is the goal. In the future, I’ll write articles specific to each of these four areas.
This one is simple enough…
To most organizations, the work that I perform (penetration testing) is voodoo and heresy. When I factor in Social Engineering (SE), their curiosity becomes piqued, and they are almost always left feeling a bit of dread. They’re often shocked and amazed at how easy it is to infiltrate and exfiltrate their organization through lying, cheating, and stealing.
There are many great resources out there to learn about the mechanisms of an effective SE attack, but I’m going to keep things simple and easy to understand. It’s important to note that the best SE attacks are often the simplest. …
A cybersecurity guy.