Zoom has been a big name in the headlines lately, mainly due to the world’s newfound dependence on, and perhaps obsession with, the platform. As global business is forced to move online, Zoom has become one of the most commonly chosen video conferencing platforms. It’s easy to use, simple to roll out, and the company has provided free and low-cost licenses to both public and private organizations.
Imagine for a moment your favorite spy movie, maybe a James Bond movie for example. Its cast of characters likely consists of five or so core archetypical personas. In this cast you likely have a cunning spy, a love interest, the shrouded head of the spy agency, the maniacal bad guy, and a clever hacker sitting in the background. Swooping in seemingly at a moment’s notice to disarm a security system or provide intel about a target’s movements, the hacker always seems to be a mysterious figure with deus ex machina powers. In the following article, we’ll dive into this archetypical figure, breaking down the driving factors behind hacking and the overall ideas behind what makes a hacker ‘tick’.
There has been a recent development regarding a potent vulnerability. To help you stay ahead of the situation, please read the following to learn what the exploit is capable of and what can be done to protect against it.
If you’re reading this, it’s very likely that you know how to use the internet. It’s also likely you’ve made an account on the internet somewhere. When you created your last account, what kind of requirements were you forced to use? For a number of web services, these requirements still follow the 2003 NIST SP 800-63 Appendix A standards that recommend an 8-character minimum, containing one uppercase, one lowercase, one digit, and one special character (Ex: Procircular1!).
During penetration tests, we’ve found that a common (and easy) way to gather credentials and gain an initial foothold on the client’s network is to perform a Man-in-the-Middle poisoning attack abusing LLMNR & NBT-NS. Depending on how active users are on the network, this attack can give an adversary valuable information almost immediately. Fortunately, with a little knowledge, this attack can be easily remediated.
What is LLMNR & NBT-NS?