All those misconfigurations are just a few that can allow access to member servers, host machines, and domain/forest dominance.
This is what hackers do; they abuse these misconfigurations on internal networks to get enterprise admin permissions.
This phase simulates attempts to verify the exploitability of the internal misconfigurations through manual exploitation.
THE PURPOSE OF THIS IS TO IDENTIFY REAL PATHS TO GET UNAUTHORIZED ACCESS TO DOMAIN CONTROLLERS, MEMBER SERVERS AND PIVOTING STRATEGIES.
THIS WILL PROVIDE US WITH A CLEAR UNDERSTANDING RELATED TO THE CONTERMASURES IN PLACE.
During this phase we will make use of PowerShell.
To provide a threat profile in the most realistic way, we have a wide range of internal attacking procedures, which we will simulate.
We define in advance the results of a "successful" exploit procedure in consultation with our contact point.
These tests are closely coordinated with the client's system administrators and are programmed under their supervision.
All our findings, recommendations, and suggestions are contained in a report.
They concern specific Microsoft misconfigurations, unsecured IT practices, configuration management, and patching procedures.
In addition, we offer an information session after each evaluation. The information session includes a discussion on techniques used to compromise the target system,
patching techniques, and a direct question and answer session with the evaluation team. This is an essential part of our service.