Advanced Engineering Services
Baseline OS Image Assessment
Secure Network’s Baseline OS Image testing will assess customer host-based controls as well as application control configurations and relevant GPOs. The purpose of this test is to determine if an attacker or an insider threat would be able to take control of the host by exploiting escalation of privilege vulnerabilities within the defined baseline image.
SNT applies a consistent and reproducible approach that combines comprehensive identification with validation of risk-based vulnerabilities. This methodology ensures that both new and common threat actor Tactics, Techniques, and Procedures (TTPs) are applied to each test, identifying real-world attack paths that could be exploited within mature organizations.
Planning Phase
During the Planning phase, SNT will collaborate with customer Points of Contact (PoCs) to discuss Scope and Rules of Engagement, and to outline what to expect during the baseline OS image assessment. Senior cyber security engineers will take part in PoC planning meetings to detail engagement information and to answer any questions or concerns.
Reconnaissance Phase
The Reconnaissance phase marks the beginning of the baseline OS image testing scenario. With access to a Windows-based workstation or server, SNT will apply commonly used threat actor TTPs to gain information about user context, host, AV/EDR, patch levels, and installed services and applications.
Exploitation Phase
The Exploitation phase will begin once a privilege escalation vulnerability has been discovered. This initial vulnerability will be exposed via software or service vulnerabilities or misconfigurations.
Post-Exploitation Phase
The Post-Exploitation phase continues the exploitation of the attack path to validate the likelihood that a real-world threat actor could compromise the host. SNT will validate common post-exploitation techniques, such as modifying the host firewall, disabling AV/EDR, dumping LSASS, and dumping registry hives, along with their effectiveness.
Reporting Phase
The Reporting phase will occur after the conclusion of testing. Any attack paths or vulnerabilities that have been discovered and exploited will be disclosed. Mitigation techniques are included in the details of findings, where applicable, to provide guidance and a starting point for reducing the overall risk to the customer environment.
Deliverables
SNT will deliver the final report to the customer along with associated artifacts gathered during the attack, such as credentialed Nessus scans and privilege escalation checks.