1. What were some of the challenges Jeremy encountered during this penetration testing and social engineering process?
One of the challenges that Jeremy encountered was making sure that he didn’t raise suspicion when he was attempting to hack into the network. Another challenge during the penetration test was that he wasn’t able to crack passwords using Hashcat. His computer also had a log collector, so if he did anything suspicious it would have been logged and he would have been caught.
2. What were some of the technical techniques that Jeremy from Marketing used to manipulate the company’s network?
He used Responder to capture hashes when people logged into their computers. He used Hashcat to attempt to find matches that would reveal passwords. He also used Metasploit, and he managed to get some passwords until his connection ended. He also used Wireshark, which allowed him to determine how he would try to exploit the network.
3. What were some of the social engineering techniques Jeremy used on the company and its employees?
One of the social engineering techniques Jeremy used was telling the finance lady that he was from IT and was going to do updates on her computer, so that he could put malware on it. Another social engineering technique that Jeremy used on the employees was bypassing MFA by having Jane from accounting give him the PIN he needed to get into Citrix.
4. How did the company respond to the attack and what measures did they take to prevent similar attacks in the future?
The computer had multi-factor authentication on every application, which would make it too difficult for a hacker to infiltrate the network. The logging on the computer made it easy for hackers like Tinker to be caught. The company also had strong passwords, which made them hard to crack, and the local admin had limited access when Tinker was trying to access certain areas of the network.
5. What lessons can we learn from the story of Jeremy from Marketing about the importance of cybersecurity training and awareness for employees?
The lesson that we can learn from this story is that training employees about cybersecurity is important, including practices like using strong passwords and two-factor authentication. We can also learn not to give PINs over the phone: employees need to be aware and not give sensitive information like a PIN to a random person.