EXTERNAL PENTEST

Attack Strategy

External Pentest Checklist

GitHub - hmaverickadams/External-Pentest-ChecklistGitHub

Verifying Scope

Hurricane Electric BGP Toolkitbgp.he.net

Nessus Parser

Network Configuration BuildersNetwork Configuration Builders

Information Gathering OSINT

Hunting Breached Credentials

Identifying Employees & Emails

Enumerating Valid Accounts (Pre-Attack)

Attacking Login Portals

Password Spraying : Office 365, Outlook Web App, Okta SSO

GitHub - blacklanternsecurity/TREVORspray: TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!GitHub

Outlook Web App (OWA) Brute Force Utility

msf6 > auxiliary/scanner/http/owa_login

Bypassing Microsoft 365 MFA

GitHub - dafthack/MFASweep: A tool for checking if MFA is enabled on multiple Microsoft ServicesGitHub

Search through email in Microsoft Exchange

GitHub - dafthack/MailSniper: MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.GitHub

Common Pentest Findings

Insufficient Authentication Controls

Weak Password Policy

Insufficient Patching

Default Credentials

Insufficient Encryption

Information Disclosure

Username Enumeration

Default Web Pages

Open Mail Relays:

How to Test for Open Mail Relays - Black Hills Information Security, Inc.Black Hills Information Security, Inc.

IKE Aggressive Mode

Unexpected Perimeter Services

Ex: RDP, Telnet, FTP, ...

Insufficient Traffic Blocking

Undetected Malicious Activity