In all of my engagements, successful exploitation (defined as gaining access to sensitive data) has come down to the Four Ps: Patching, Permissions, People, and Physical.

Every. Single. Engagement.

I’m going to preface what comes next by acknowledging I couldn’t possibly cover everything without this article becoming unreadable. What I would like to inspire is for you to interact and comment below. Add value to my article by including some vectors you’ve experienced. It may just help others, which is the goal. In the future, I’ll write articles specific to each of these four areas.

Patching

This one is simple enough…


Catch Me If You Can (DreamWorks Pictures, copyright 2002).

To most organizations, the work that I perform (penetration testing) is voodoo and heresy. When I factor in Social Engineering (SE), their curiosity becomes piqued, and they are almost always left feeling a bit of dread. They’re often shocked and amazed at how easy it is to infiltrate and exfiltrate their organization through lying, cheating, and stealing.

There are many great resources out there to learn about the mechanisms of an effective SE attack, but I’m going to keep things simple and easy to understand. It’s important to note that the best SE attacks are often the simplest. …

Matt James

A cybersecurity guy.
