undefined | Better HN

0 pointslondons_explore4y ago0 comments

Most corporate machines aren't directly on the internet though... How do attackers get through corporate firewalls to access said unpatched machines?

I would guess the easiest way is to phish a login to the corp VPN or to send an email with a malicious attachment to give the attacker something inside the corp firewall as a place to start their port scan of the internal network and begin their attacks.

0 comments

alex_anglin4y ago

MITREs ATTaCK [1] matrix is a great resource for describing incidents like these. To answer your question, it is a combination of Initial Access and Lateral Movement techniques that depend upon an attackers aims. They're by no means the only activities involved of course.

https://attack.mitre.org/

j / k navigate · click thread line to collapse

0 pointslondons_explore4y ago0 comments

Most corporate machines aren't directly on the internet though... How do attackers get through corporate firewalls to access said unpatched machines?

0 comments

alex_anglin4y ago

https://attack.mitre.org/

j / k navigate · click thread line to collapse