Although no two networks or domains are the same, there are a number of common security weaknesses that penetration testers will almost certainly encounter on every internal security assessment. These weaknesses often allow the tester to rapidly gain a foothold on the internal network, elevate privileges, move laterally across the domain, and invariably gain Domain Administrator privileges.
We have all heard of the OWASP Top 10:
"The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications."
The OWASP Top 10 aims to highlight the most common and impactful web application security vulnerabilities affecting websites today and to ultimately help developers address them. Heavily inspired by (or shamelessly copied from) this, I have devised the "Internal Top Five", based on the extensive combined experience of the Claranet Cyber Security penetration testing team.
Knowing which issues to prioritise and where to focus your often limited resources and efforts when securing your internal network can be difficult. By addressing and mitigating the Top Five, and applying the Pareto principle, or the law of the vital few, you will massively reduce your internal attack surface and make your network much more resilient to internal attacks.
Additionally, these vulnerabilities are not just theoretical; they are widely exploited in the wild, whether by criminals looking to gain access to and spread throughout your network before installing ransomware, or through probing by nation-state actors.
The Internal Top Five*:
*Based on Claranet testing engagements since January 2019
Nothing can ever be 100% secure, but tackling and keeping on top of our "Top Five" is a sound investment of time and resource that will vastly improve the security of your enterprise and significantly raise the bar of difficulty for any internal attackers.
If you want to find out if these vulnerabilities affect you and what impact they might have in your environment, we recommend performing an internal penetration test / infrastructure assessment. Regular penetration testing is also a good way of tracking your progress and assessing the actual effectiveness of your security controls.
Once common issues like the Top Five are addressed, testers will be able to dedicate more time during engagements to identifying more nuanced vulnerabilities within the unique context of your environment.