6/29/2023 0 Comments Docker kali linuxWhen we perform Internal Pentest engagements sometimes we’ll send a phone-home device instead of a consultant. ![]() This occurs occasionally during our Red Team engagements, where it would just be great if we just had nmap or Metasploit deployed somewhere inside our client’s environment. Sometimes, on engagements, you don’t have the exact tools you’d like immediately available. The full story surrounding the team’s accomplishment is best for another blog, however today we’ll discuss what we did after gaining access to the client’s Private Cloud Provisioning software. Having lost our foothold, we identified a new opportunity and gained access via their Citrix deployment. ![]() We breached the client’s perimeter through a fairly uncommon application server, however, due to the risk of that initial foothold our client chose correctly to close the access after we could demonstrate lateral movement capability. This is a story from one of our more recent Red Team engagements and what we did after gaining access to the target client’s environment.
0 Comments
Leave a Reply. |