Under the Hoodie
Lessons learned from a season of penetration testing
Samantha Humphries, Rapid7
NOPE…..
>whoami?
Samantha Humphries
Senior Product Marketing Manager – Global Consulting Services
20 Years in IT Security
Nephophile, F1 Fanatic, Star Wars Geek, Terrible DJ
Dislikes: Airports, Polystyrene, & Liquorice
@safesecs
>whoamRapid7?
Established in 2000
Acquired Metasploit in 2009
Only vulnerability management vendor listed as a Researcher by MITRE
Research projects: Under The Hoodie
Project Heisenberg
Project Sonar
National Exposure Index
Quarterly Threat Reports
Powering
The Practice of SecOps
Shared visibility, analytics, and automation
Rapid7 Insight
Threat Intelligence
Research & attacker modeling
EXPERTISE
Visibility into new attacks
Open Source Community
COMMUNITY
Thousands of global users & contributors
At Rapid7, our passion is to be ahead of the attackers—the people and groups that might use technology to harm our businesses and lives.
Security Researchers
Dedicated teams and consultants
All pentests are not equal!
Pentesting is essentially artisanal
Penetration testers focus on micro details
What happens at a macro perspective?
Pentesting techniques are often occult
Pentesters “always” “win”
Under the Hoodie
Collected survey results from 268 engagements in 2017-2018
Includes pentests of various scopes
Covers multiple industries, org sizes, geographies
General tactics employed:
Vulnerability types
Common misconfigurations
Credentials
Building the Report
Scope & Target Organisations
Let’s Scope-ify!
Scope & Target Organisations
Engagement Types
External: 157
Internal: 85
Neither: 17
Mixed: 9
Scope & Target Organisations
Engagement Times
>1 week: 29
1 week: 178
2 weeks: 35
3 weeks: 7
4+ weeks: 2
Scope & Target Organisations
Surprise: Attackers tend to like their weekends!
Scope & Target Organisations
Data Types for Validation
Sensitive Internal Data: 155
PII: 144
Credentials: 100
PCI: 57
Medical Records: 29
Scope & Target Organisations
Test Frequency – Small Orgs
Don’t Know: 57
Quarterly: 6
Semi Annually: 7
Annually: 62
You were our first: 22
Test Frequency – Large Orgs
Don’t Know: 38
Quarterly: 4
Semi Annually: 100
Annually: 9
You were our first: 37
How often should we run a pentest?
Vulns Exploited
Vulnerabilities are unintentional functionality or an undocumented API
Exploits are interfaces that leverage vulnerabilities until the functionality is removed by the vendor
84% of engagements saw at least one vulnerability exploited
Vulns Exploited
Internal Tests (n=178)
Broadcast Name Resolution: 43
CSRF/Clickjacking: 1
Local Privilege Escalation: 17
None. W00t!: 6
SMB Relaying: 46
A N Other Vuln: 41
XSS: 3
External Tests (n=214)
Broadcast Name Resolution: 2
CSRF/Clickjacking: 25
Local Privilege Escalation: 5
None. W00t!: 43
SMB Relaying: 3
A N Other Vuln: 94
XSS: 29
Vulns Exploited
All Tests
A N Other Vuln: 140
None. W00t!: 67
SMB Relaying: 51
Broadcast Name Resolution: 47
XSS: 32
CSRF/Clickjacking: 26
Local Privilege Escalation: 25
Wait, Sam! These numbers don’t quite add up?
Good Pentesting Involves Exploit Chaining
Guess how many times we used a 3rd party 0day?
Misconfigurations Leveraged
It’s not just Vulns & Exploits….
Misconfigurations Leveraged
Not really something to be “patched”
Usually site-specific implementation errors
Usually common across sites
Usually more common on internal assessments
Misconfigurations Leveraged
Internal Tests (n=235)
Default Account Access: 18
No Detection Controls: 17
No Least Privilege: 33
No Network Segmentation: 20
No Patch Management: 31
None, hooray!: 9
Password Re-use: 36
Svc Accts as Domain Admin: 26
Service Misconfiguration: 22
A N Other Misconfig: 22
External Tests (n=201)
Default Account Access: 6
No Detection Controls: 5
No Least Privilege: 9
No Network Segmentation: 2
No Patch Management: 9
None, hooray!: 71
Password Re-use: 7
Svc Accts as Domain Admin: 5
Service Misconfiguration: 27
A N Other Misconfig: 56
Credential Capture
Considered an “easy win” by penetration testers
Credential Capture
How often were credentials successfully obtained? (Cue: Possible Emotional Response)
Credential Capture
External Engagements
Creds obtained: 33%
Internal Engagements
Creds obtained: 86%
Mixed Engagements
Creds obtained: 78%
Credential Capture
What was the most common method to successfully obtain credentials?
Automated social engineering? MITM? 3rd party password dumps?
Credential Capture
We guessed. Yep.
Credential Capture
Also, usernames aren’t *that* hard to find
Credential Capture
Different organisations tend to use the same patterns:
Variations of “password”: Password1, Password1!
Our favourite: Current season + year + bang: Spring2019!
Variations on the organisation’s name: Acme1234, Acme1234!
Credential Capture
Common Trailing Digits
Single Digit: 1
Double Digits: 23
Triple Digits: 123
Quadruple Digits: 2009 (?)
Quintuple: No Surprises.
Credential Capture
Get elegant with your password policy
Detection Evasion
Remember, we’re generally pretty unsubtle
Detection Evasion
Catch us if you can!
Detected within 1 hour: 20
Detected within 1 day: 56
Detected within 1 week: 20
Evaded detection: 153
Wisdom From Under The Hoodie
Fascinating stuff, Sam, but now what?
Wisdom From Under The Hoodie
Patch / Effective Vuln Mgmt*
Segment your networks
Practice Decent Asset, Account, & Privilege Management
Revisit software configuration – default passwords are bad, m’kay
Tighten up your password policy (no seasons!)
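The talk lists the password patterns that get guessed first (variants of "password", season + year + bang, organisation name + digits, and the common trailing-digit runs) and closes by telling you to tighten the password policy. The screen below is an added example, not code from the talk or from Rapid7; it turns those patterns into a check an organisation could run against new passwords. The organisation name "Acme", the 12-character minimum, and the sample candidates are assumptions constructed for the demo.

```python
"""Password-policy screen for the weak patterns called out in the talk.

Added example (not from the Rapid7 report or talk). Flags candidate
passwords that follow the guessable patterns the speaker lists:
variants of "password", season + year + punctuation, the organisation's
name plus digits, and the common trailing-digit runs (1, 23, 123, a year).
"""
import re
from datetime import date
from typing import Dict, List, Optional

# Trailing digit runs the slide calls out as the usual suspects.
COMMON_TRAILERS = ("1", "23", "123")
SEASON_YEAR = re.compile(r"(spring|summer|autumn|fall|winter)(\d{2}|\d{4})[\W_]*")
TRAILING_DIGITS = re.compile(r"(\d+)[\W_]*$")
MIN_LENGTH = 12  # assumption: the policy also sets a minimum length


def _stem(candidate: str) -> str:
    """Lower-case the candidate and strip trailing digits and punctuation,
    so 'Password1!' and 'Acme1234!' reduce to 'password' and 'acme'."""
    return re.sub(r"[\d\W_]+$", "", candidate.lower())


def check_password(candidate: str, org_name: str,
                   today: Optional[date] = None) -> List[str]:
    """Return the weak-pattern findings for `candidate`; empty means it passes."""
    today = today or date.today()
    low = candidate.lower()
    stem = _stem(candidate)
    findings = []

    if len(candidate) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if stem == "password":
        findings.append("variant of 'password'")
    if SEASON_YEAR.fullmatch(low):
        findings.append("season + year pattern")
    if stem == org_name.lower():
        findings.append("organisation name + digits")

    trailer = TRAILING_DIGITS.search(candidate)
    if trailer:
        digits = trailer.group(1)
        if digits in COMMON_TRAILERS:
            findings.append(f"common trailing digits '{digits}'")
        elif len(digits) == 4 and 1950 <= int(digits) <= today.year + 1:
            findings.append(f"trailing year '{digits}'")
    return findings


def screen(candidates: List[str], org_name: str,
           today: Optional[date] = None) -> Dict[str, List[str]]:
    """Run the check over a batch and map each candidate to its findings."""
    return {c: check_password(c, org_name, today) for c in candidates}


if __name__ == "__main__":
    # Constructed sample candidates mirroring the patterns on the slides.
    SAMPLES = ["Password1", "Spring2019!", "Acme1234!", "Winter09",
               "correct-horse-battery-staple"]
    for pw, why in screen(SAMPLES, "Acme", date(2019, 6, 1)).items():
        print(f"{pw:30} {'OK' if not why else '; '.join(why)}")
```

The stem-and-compare approach catches the "base word plus decoration" family without a wordlist; a real deployment would add a breached-password check on top of it, since this screen only knows the patterns the talk names.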
Even Moar Wisdom From Under The Hoodie
Loads more stats & analysis in the report: https://www.rapid7.com/info/under-the-hoodie/
Also, stories! “This One Time on a Pentest” sidebars
At us on Twitter!
@todb (Research Director)
@kwantative (Sr Data Scientist)
@safesecs (Me!)
@rapid7 (All of us)
Meet our team at stand R580