At Black Hat, NetSPI releases two new free and open-source pen-testing tools

The daily, and often hourly, task of preventing and minimising cyberattacks is enormous for businesses. Ransomware-as-a-service, criminal syndicates, and cybercrime commodification have led to a steady stream of new, more complex approaches. Similarly, new and updated data and research studies regularly show the problem getting worse.

Global revenue from the information security industry is expected to reach $376 billion by 2029, according to Fortune Business Insights. Also, IBM found that the average cost of a data breach is $4.35 million, based on its analysis.

According to a recent survey, 93% of all networks are vulnerable to attacks because of typical software, hardware, or organisational process flaws.

Scott Sutherland, a senior director at NetSPI, a company that specialises in business penetration testing and attack-surface management, says that cybersecurity must be a collaborative effort.

NetSPI has released two new open-source tools for information security professionals: PowerHuntShares and PowerHunt. At this week’s Black Hat USA, Sutherland will demonstrate both products.

Security operations centres (SOCs) and defence, identity and access management (IAM) teams would benefit from these new technologies, according to Sutherland.

The tools have been built and released as open source, Sutherland added, in order to “guarantee our penetration testers and the IT community can more effectively detect and repair excessive share permissions that are being misused by bad actors like ransomware organisations.”

According to him, “They can be utilised in a normal quarterly cycle, but the intention is that they’ll be a starting point for firms that didn’t have knowledge around these concerns before the tools were launched.”

A flaw in the system has been exposed (by the good guys)

The new PowerHuntShares tool inventories, analyses, and reports on server message block (SMB) shares on Microsoft Active Directory (AD) domain-joined machines.

SMB is a network protocol that enables client applications on a computer to read and write to files and request services from servers.

This solution from NetSPI helps handle issues of excessive share permissions in AD setups which may lead to data exposure, privilege escalation, and ransomware attacks inside organisational environments.

The new tool, PowerHuntShares, is designed to discover shares with excessive access rights and provide data insight into how they are connected, when they were brought into the environment, who owns them, and how vulnerable they are, says Sutherland.

In the financial services industry, 34 out of 10,000 devices were exposed; in healthcare, seven out of 10,000 devices were exposed; and in state, municipal, and educational institutions (SLED), five out of 10,000 devices were exposed.

Increased sleuthing of threats

PowerHunt, on the other hand, is a threat-hunting framework that uses MITRE ATT&CK methodologies to identify symptoms of compromise. In addition, it is able to identify abnormalities and outliers that are peculiar to the target environment.

According to Sutherland, the new tool can be used to swiftly gather artefacts usually linked with malicious conduct. It uses Microsoft PowerShell to gather artefacts at a large scale and performs basic analysis. It can also generate .csv files that are straightforward to read and use, which allows other tools and procedures to be used for extra triage.

“The biggest usefulness of [the PowerHunt tool] is simply collecting data that can be utilised by other tools during threat-hunting exercises,” stated Sutherland.

NetSPI’s Resolve™ penetration testing and vulnerability management software provides PTaaS (penetration testing as a service). Sutherland’s professionals use this tool to carry out sophisticated manual penetration testing across application, network, and cloud attack surfaces. In the past, they have found 4 million distinct vulnerabilities in more than one million assets.

The company’s worldwide penetration testing team has also built other open-source tools, among them PowerUpSQL and MicroBurst.

According to Sutherland, NetSPI actively promotes innovation via cooperation in the creation of open-source tools.

It allows “free use of tools for greater understanding of a subject or problem,” he stated of open source. Even if most open-source tools don’t wind up being an enterprise solution, they may “promote study of long-term solutions” and raise awareness of particular concerns.

Additionally, anybody may download an open-source project and make modifications to suit their requirements.

As Sutherland put it, open source is an “extremely powerful” tool. We are fortunate to be able to take inspiration from the work of others and use it to create something new, which we can then distribute to thousands of people all around the globe in real time.

He invited the security community to have a look at and contribute to PowerHuntShares and PowerHunt.

Together, he added, the community will be able to better understand the SMB share attack surface and enhance remediation procedures.