
Introduction:

Dangerous vulnerabilities are discovered in corporate information systems (CIS) every year. Left unfixed, they allow outsiders to compromise sensitive parts of the organization's network infrastructure, extend their access, and even gain full control of the CIS. When such attacks succeed they cause significant financial and reputational losses. Black-hat hackers use the same methods to strike physical targets. Our analysts' 2016 report on digital incidents found that cybercriminals had shifted away from complex zero-day attacks towards simpler, more cost-effective approaches. Criminals increasingly use freely available and/or proprietary tools (for example, legitimate penetration testing software such as Cobalt Strike and Metasploit) and built-in operating system utilities, which disguise their activity within the victim's own environment. Based on years of experience in penetration testing, Positive Technologies has identified six core attack vectors that outsiders use to breach the network perimeter and reach the corporate network. These vectors rely on the following types of weakness, which exist on the perimeter of almost every organization.
Key challenges:
- Poor management of accounts and passwords
- Vulnerabilities in web applications
- Poor traffic filtering
- Poor vulnerability and update management
- Poor user awareness of information security issues
- Poor configuration and access control
Password attacks:
Managing large distributed networks through local connections only would be impractical and time-consuming. System administrators therefore use protocols such as Telnet, RSH and SSH, as well as RDP, to control computers remotely. Admins also use freely available remote-access tools such as RAdmin and Ammyy Admin. All of these give outsiders a place to launch password attacks, and if the attack succeeds they gain access to the OS. No advanced knowledge is required: in most cases all that is needed is a computer, password-guessing software (e.g. Hydra) and a dictionary (many specialized dictionaries of common user names and passwords for particular systems and services are available on the Internet). Filtering connections by IP address makes this harder, but attackers can find alternative routes, for example by compromising other nodes on the network perimeter and launching the attack from those nodes instead of from their own address.
How to stay safe: We advise using key-based authentication for remote SSH access: the client's public key is stored on the server and the private key is kept on the client side, so a client can log in only if it holds the private key. More generally, we recommend restricting remote management over the Internet to a defined set of trusted nodes.
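As an added example (not from the original report), the following Python script audits an sshd_config text for the settings this guidance calls for: password logins off, public-key logins on, root login restricted, and some restriction on which users or source addresses may connect at all. Both config samples are constructed and the AllowUsers network is a placeholder.

```python
import re

# sshd defaults used when a directive is absent (OpenSSH sshd_config manual).
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "permitemptypasswords": "no",
}
# Values that follow the guidance above: key-based access only, no password logins.
ACCEPTABLE = {
    "passwordauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
    "permitrootlogin": {"no", "prohibit-password"},
    "permitemptypasswords": {"no"},
}
# Directives that can limit which users or source addresses may connect at all.
RESTRICTORS = ("allowusers", "allowgroups", "match")

def parse_sshd_config(text):
    """Map directive -> value (lower-cased). sshd honours the first occurrence of a
    directive; a Match line begins conditional blocks, so global parsing stops there."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, val = parts[0].lower(), (parts[1].strip().lower() if len(parts) > 1 else "")
        cfg.setdefault(key, val)
        if key == "match":
            break
    return cfg

def audit_sshd_config(text):
    """Return a list of findings; an empty list means the config follows the guidance."""
    cfg = parse_sshd_config(text)
    findings = [f"{k}={cfg.get(k, DEFAULTS[k])} (want one of {sorted(ok)})"
                for k, ok in ACCEPTABLE.items() if cfg.get(k, DEFAULTS[k]) not in ok]
    if not any(r in cfg for r in RESTRICTORS):
        findings.append("no AllowUsers/AllowGroups/Match restriction on who may connect")
    return findings

# Constructed samples: a permissive config and its hardened counterpart.
WEAK_CONFIG = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED_CONFIG = ("Port 22\nPermitRootLogin no\nPasswordAuthentication no\n"
                   "PubkeyAuthentication yes\nPermitEmptyPasswords no\n"
                   "AllowUsers ops@10.0.0.0/24\n")  # admin network only (placeholder)
```

Run audit_sshd_config on the text of /etc/ssh/sshd_config; the weak sample yields three findings and the hardened one none.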
Exploitation of web vulnerabilities:
An attacker often does not need management interface credentials to execute OS commands: web applications on the company's network perimeter frequently contain vulnerabilities that make this possible. By definition, most web applications are meant to be freely available to all Internet users (official websites, online shops, news sites, etc.), which gives attackers many opportunities. The most dangerous vulnerabilities in online systems are arbitrary file upload, SQL injection and arbitrary code execution. Exploiting them can result in complete compromise of the server.
How to stay safe: We suggest limiting file uploads to the server with a whitelist, in addition to a strict password policy. User-supplied data should be validated at the application code level to prevent exploitation of vulnerabilities in the application code (SQL injection, OS command injection, etc.).
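Added example (not code from the report): a whitelist check for uploaded file names, and a string-concatenated SQL lookup beside its parameterized replacement, run against a constructed in-memory SQLite table. The extension list and the rows are assumptions.

```python
import os
import sqlite3

ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "pdf"}   # whitelist (constructed policy)

def upload_allowed(filename):
    """Whitelist check for uploads: a plain basename, exactly one extension, and that
    extension on the allowed list. Paths, dotfiles and double extensions such as
    shell.php.jpg are rejected."""
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base.startswith("."):
        return False
    parts = base.split(".")
    return len(parts) == 2 and parts[0] != "" and parts[1].lower() in ALLOWED_EXTENSIONS

def setup_db():
    """In-memory table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def find_user_vulnerable(db, name):
    """'Before' form: user data is pasted into the SQL text, so it can change the query."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_user_safe(db, name):
    """Hardened form: the value is bound as a parameter and is never parsed as SQL."""
    return db.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    db = setup_db()
    probe = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, probe))   # every row comes back
    print("safe:", find_user_safe(db, probe))               # [] (no user has that name)
    print([upload_allowed(f) for f in ("photo.jpg", "../etc/passwd", "shell.php.jpg")])
```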

Exploitation of known vulnerabilities:

Attacks on a vulnerable protocol:
Attacks on the Java Debug Wire Protocol (JDWP), one of the components of the Java Platform Debugger Architecture (JPDA), are an example of poor traffic filtering on the network perimeter. The protocol performs no authentication and does not protect its traffic, and outsiders can take advantage of this whenever a JDWP interface is reachable from the Internet. An intruder can execute OS commands using a publicly available exploit. Furthermore, the service using JDWP frequently runs with full privileges, so the outsider is just one step away from complete control of the server. Below is an example of an attack using a public exploit.

How to stay safe: This example shows how the perimeter of even a network with strong passwords and regular security updates can be breached. Debugging interfaces should not be reachable from external networks.
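Added example (not from the report) for checking that recommendation on your own hosts: the script parses JVM command lines for the JDWP agent option and reports whether the agent is listening on loopback, on all interfaces, or on a bare port whose binding depends on the JDK version (all interfaces before JDK 9, loopback from JDK 9 on). The process list is constructed.

```python
import re
import shlex

# Both spellings of the debug agent option: modern -agentlib:jdwp=... and legacy -Xrunjdwp:...
JDWP_OPT = re.compile(r"^-(?:agentlib:jdwp=|Xrunjdwp:)(.*)$")
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}

def jdwp_settings(cmdline):
    """Return the JDWP agent's key=value options as a dict, or None if no agent is loaded."""
    for arg in shlex.split(cmdline):
        m = JDWP_OPT.match(arg)
        if m:
            return dict(kv.split("=", 1) if "=" in kv else (kv, "") for kv in m.group(1).split(","))
    return None

def jdwp_exposure(cmdline):
    """'none': no agent, or it dials out to a debugger (server=n, the default);
    'local': listens on loopback only; 'exposed': listens on a non-loopback host (e.g. *);
    'bare-port': no host given, which means all interfaces before JDK 9 and loopback
    from JDK 9 on, so the JDK version must be checked."""
    opts = jdwp_settings(cmdline)
    if opts is None or opts.get("server", "n") != "y":
        return "none"
    addr = opts.get("address", "")
    host = addr.rsplit(":", 1)[0] if ":" in addr else ""
    if host == "":
        return "bare-port"
    return "local" if host in LOOPBACK else "exposed"

def review_processes(ps_output):
    """Return [(pid, classification)] for each JVM whose JDWP agent is listening."""
    results = []
    for line in ps_output.splitlines():
        pid, cmd = line.split(" ", 1)
        status = jdwp_exposure(cmd)
        if status != "none":
            results.append((int(pid), status))
    return results

# Constructed 'ps -o pid,args' style output for four JVMs.
SAMPLE_PS = """\
1201 java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -jar shop.jar
1202 java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=127.0.0.1:5006 -jar api.jar
1203 java -Xrunjdwp:transport=dt_socket,server=y,address=8000 -jar legacy.jar
1204 java -jar batch.jar
"""
```

Feed review_processes the output of `ps -eo pid,args` to get the same report for a live host; anything 'exposed' or 'bare-port' on a perimeter system needs the address changed to loopback or the agent removed.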
Attacks on network and data link layer protocols:
If the attacker has no list of domain users or cannot obtain account passwords, he will examine the protocols used on the target's network. Man-in-the-middle attacks can intercept traffic, and attacks against the NBNS and LLMNR protocols can yield user names and password hashes (as can ARP poisoning, if it succeeds).
ARP poisoning is a well-established attack, so this article focuses on threats against other protocols. ARP attacks are also performed less often than others as part of penetration testing (only by special agreement with the customer).

How to stay safe: Disable these protocols if they are not needed. Where they are required, take protective steps such as isolating the devices that use the relevant protocol in separate network segments. Defences against ARP poisoning are well known and include static ARP entries for the gateway and intrusion detection features.
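Added example (not part of the report) of the detection side of the LLMNR/NBNS advice: a host that answers name queries for several different names in a short window is behaving like a spoofing responder, whereas a genuine host answers only for its own name. The capture summary and the addresses are constructed.

```python
from collections import defaultdict

# Constructed capture summary: (seconds, source, destination, protocol, message, name).
# 10.0.0.99 answers every name it is asked about; 10.0.0.30 only answers for itself.
EVENTS = [
    (0.0, "10.0.0.21", "224.0.0.252", "LLMNR", "query", "fileshare"),
    (0.1, "10.0.0.99", "10.0.0.21", "LLMNR", "response", "fileshare"),
    (5.0, "10.0.0.22", "10.0.0.255", "NBNS", "query", "PRNTSRV01"),
    (5.1, "10.0.0.99", "10.0.0.22", "NBNS", "response", "PRNTSRV01"),
    (9.0, "10.0.0.23", "224.0.0.252", "LLMNR", "query", "wpad"),
    (9.1, "10.0.0.99", "10.0.0.23", "LLMNR", "response", "wpad"),
    (12.0, "10.0.0.24", "224.0.0.252", "LLMNR", "query", "ws-0030"),
    (12.1, "10.0.0.30", "10.0.0.24", "LLMNR", "response", "ws-0030"),
]

def find_name_responders(events, threshold=3, window=60.0):
    """Flag hosts that answer LLMNR/NBNS queries for `threshold` or more distinct names
    within `window` seconds. Returns {host: sorted list of names it answered}."""
    answered = defaultdict(list)                      # responder -> [(time, name)]
    for ts, src, _dst, proto, kind, name in events:
        if proto in ("LLMNR", "NBNS") and kind == "response":
            answered[src].append((ts, name.lower()))
    suspects = {}
    for host, items in answered.items():
        items.sort()
        for i, (t0, _) in enumerate(items):           # sliding window from each answer
            names = {n for t, n in items[i:] if t - t0 <= window}
            if len(names) >= threshold:
                suspects[host] = sorted(names)
                break
    return suspects

def clients_of(events, responder):
    """Hosts that accepted an answer from `responder`; these are the machines whose
    users may have sent credentials to it and should be checked first."""
    return sorted({dst for _ts, src, dst, _p, kind, _n in events
                   if src == responder and kind == "response"})

if __name__ == "__main__":
    for host, names in find_name_responders(EVENTS).items():
        print(host, "answered", names, "-> clients", clients_of(EVENTS, host))
```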
Conclusion:

Multilayer security is necessary to frustrate attackers' attempts to compromise the network infrastructure. If users and administrators use dictionary passwords, even the most expensive defences are rendered worthless. We have also seen many cases where a single user with an easily guessable dictionary password gave an attacker complete control of the company's network infrastructure. And, as noted above, local administrator rights on a workstation also pave the way for specialized tools to harvest account credentials, even where anti-virus protection is in place.
