[RESEARCH] Lessons From a Season of Penetration Testing
Based on the results of 250+ pen testing engagements, we reveal the most effective methods to compromise networks and high-value credentials. Learn more.
At least one live vulnerability was exploited in 84 percent of the engagements, though when not forced to access the network remotely, some level of compromise was assured nearly 100 percent of the time. Similarly, network misconfigurations allowed for infiltration in 80 percent of external tests versus 96 percent during a simulated insider threat.
The hackers were able to capture at least one credential 53 percent of the time, a figure that shot up to 86 percent with access to the target’s local network. And with network access, via wireless or LAN connection, the hackers were able to gain complete administrative control over the organization’s network 67 percent of the time.
People also still use a horrible password as often as possible.