University of Melbourne
COMPUTER 5841
Executive Summary

Trilocor Robotics Ltd. (“Trilocor” herein) contracted to perform a Network Penetration Test of Trilocor’s externally facing network to identify security weaknesses, determine the impact to Trilocor, document all findings in a clear and repeatable manner, and provide remediation recommendations.

Approach

performed testing under a “black box” approach from to without credentials or any advance knowledge of Trilocor’s externally facing environment with the goal of identifying unknown weaknesses. Testing was performed from a non-evasive standpoint with the goal of uncovering as many misconfigurations and vulnerabilities as possible. Testing was performed remotely from ‘s assessment labs. Each weakness identified was documented and manually investigated to determine exploitation possibilities and escalation potential. sought to demonstrate the full impact of every vulnerability, up to and including internal domain compromise. If were able to gain a foothold in the internal network as a result of external network testing, Trilocor allowed for further testing including lateral movement and horizontal/vertical privilege escalation to demonstrate the impact of an internal network compromise.

Scope

The scope of this assessment was owned by Trilocor discovered if internal network access were achieved.

In-Scope Assets

Host/URL/IP Address/Domain          Description
10.129.x.x
<DISCOVERED INTERNAL DOMAIN(s)>

Table 1: Scope Details

Assessment Overview and Recommendations

During the penetration test against Trilocor, identified findings that threaten the confidentiality, integrity, and availability of Trilocor’s information systems. The findings were categorized by severity level, with five (5) of the findings being assigned a high-risk rating, one (1) medium-risk, and one (1) low-risk. There was also one (1) informational finding related to enhancing security monitoring capabilities within the internal network.

Trilocor should create a remediation plan based on the Remediation Summary section of this report, addressing all high findings as soon as possible according to the needs of the business. Trilocor should also consider performing periodic vulnerability assessments if they are not already being performed. Once the issues identified in this report have been addressed, a more collaborative, in-depth Active Directory security assessment may help identify additional opportunities to harden the Active Directory environment, making it more difficult for attackers to move around the network and increasing the likelihood that Trilocor will be able to detect and respond to suspicious activity.

Network Penetration Test Assessment Summary

began all testing activities from the perspective of an unauthenticated user on the internet. Trilocor provided the tester with network ranges but did not provide additional information such as operating system or configuration information.

Summary of Findings

During the course of testing, uncovered a total of findings that pose a material risk to Trilocor’s information systems. also identified that, if addressed, could further strengthen Trilocor’s overall security posture. Informational findings are observations for areas of improvement by the organization and do not represent security vulnerabilities on their own. The table below provides a summary of the findings by severity level.

Finding Severity
High    Medium    Low    Total
5       1         1      7

Table 2: Severity Summary

Below is a high-level overview of each finding identified during testing. These findings are covered in depth in the Technical Findings Details section of this report.

Finding #    Severity Level    Finding Name
1.           High              LLMNR/NBT-NS Response Spoofing
2.           High              Weak Kerberos Authentication (“Kerberoasting”)
3.           High              Local Administrator Password Re-Use
4.           High              Weak Active Directory Passwords
5.           High              Tomcat Manager Weak/Default Credentials
6.           Medium            Insecure File Shares
7.           Low               Directory Listing Enabled
8.           Info              Enhance Security Monitoring Capabilities

Table 3: Finding List

Internal Network Compromise Walkthrough

During the course of the assessment was able to gain a foothold via the external network, move laterally, and compromise the internal network, leading to full administrative control over the