Penetration Test - Select Your Attacks(17)

Miscellaneous Local Host Vulnerabilities

LOCAL HOST VULNERABILITIES

• Default account settings - disable accounts that are not being used.
• Sandbox escape
  • Shell upgrade - gaining access to a shell with higher privilege
  • VM - escaping a VM may allow access to underlying environment
  • Container - similar to VM escape(i.e. Docker)

PHYSICAL DEVICE SECURITY

• Cold boot attack

  • Ability to physically reboot a system (can allow access to encryption keys)

• JTAG debug (Joint Test Action Group)

  • Can allow attacker to interact with chips.
  • More information refer to : https://en.wikipedia.org/wiki/JTAG#:~:text=JTAG (named%20after%20the%20Joint,complementary%20tool%20to%20digital%20simulation.
  • 

• Serial console

  • If not disabled, provides direct access to servers

QUICK REVIEW

• Default artifacts left in place are almost always vulnerabilities.
• A lack of physical security (physical access) always makes attacking easier
• Look for easy attack paths - administrators may have overlooked something.