Dailydave mailing list archives
Catch22's in Vulnerability Management
From: Dave Aitel <dave () immunityinc com>
Date: Wed, 06 Feb 2013 14:03:52 -0500
I love both our Qualys and Tenable friends, but I have to say, I worry about "authenticated scans". Perhaps my worry is unwarranted, but having a domain admin that is connecting to and trying to authenticate to every host on the network seems like a very bad idea. For example: * What if you do a NTLM proxy attack? * What if you downgrade your accepted protocols to NTLMv1 and then crack the hash and now are domain admin for free? * What if there is some vulnerability in the web apps or host box that supports these programs? * When Qualys, for example, logs into MS SQL, and I have MITM on that network, why can't I just take over the connection and be admin from then on? https://community.qualys.com/docs/DOC-4095 http://static.tenable.com/documentation/nessus_credential_checks.pdf If these attacks work, it's a bit of a catch22. In order to achieve compliance, you must be out of compliance! I assume people are using authenticated scans, because without it, you're generally getting lots of false positives to weed through, which is annoying (and for which we sell CANVAS plugins :>). -dave -- INFILTRATE - the world's best offensive information security conference. April 2013 in Miami Beach www.infiltratecon.com
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Catch22's in Vulnerability Management Dave Aitel (Feb 06)
- Re: Catch22's in Vulnerability Management Jonathan Cran (Feb 06)
- Re: Catch22's in Vulnerability Management Marc Maiffret (Feb 06)
- Re: Catch22's in Vulnerability Management Wim Remes (Feb 07)
- Re: Catch22's in Vulnerability Management Ron Gula (Feb 07)
- Re: Catch22's in Vulnerability Management Renaud Deraison (Feb 11)
- Re: Catch22's in Vulnerability Management Wolfgang Kandek (Feb 12)