
Pivoting for Penetration Testing

I recently was watching an old episode of “Friends”. During this one particular episode, Ross was trying to move a couch into his upstairs apartment. As they were trying to carry the couch upstairs, they reached a point where they had to turn a corner. As you can imagine, the couch became stuck and Ross was yelling, "PIVOT!!" Since joining Core Security, anytime I hear the word ‘pivot’, I think about it in terms of how an attacker would move through a network.

One of the first things attackers do once they get into a network is work out where they are and how to get to the valuable information they’re really looking for. Typically, that information is on a separate piece of the network. While I doubt the attacker is visualizing Ross yelling, “Pivot!”, I think they try to pivot as quickly as they can. So if attackers use these techniques, then as pen testers, we need to use the same techniques.

How Do Attackers Pivot?

Attackers are looking for any foothold they can leverage to gain access into a network. The cheapest and most effective way of gaining access to networks today is through some form of phishing. The attacker scopes out a target, creates some type of email with malware attached to it, and then sends it off, hoping to trick the user into clicking on whatever it is they've attached. For the purposes of this post, we'll assume the user clicks on the malware and the attacker has now successfully infiltrated the victim's network. At this point, the attacker will begin to do some additional fact finding. They will try to find out what additional users have access to this machine, what networks this machine can talk to, whether there are any shares on this system and, perhaps, where the local DNS servers or even domain controllers are. They do all of this because in most cases the person they've infected isn't actually their goal. It's typically some other system or other data point in the network. Once they have gained enough information from this user, they will begin to try to blend in with the normal network traffic and attempt to gain access to these other systems.

How Do Attackers Blend In?

One of the most common services used in networks today is Remote Desktop Protocol (RDP). Now that the attacker has scrubbed usernames and passwords off of the initial victim’s machine and identified critical servers, he will then use RDP to potentially log into other servers while using the initial victim's machine as his source. This is one of the most basic forms of pivoting. The attacker started by sending a phishing email from outside of the organization. Once he gained access to the victim’s machine, he did his info gathering and then used that info to look as if he were a normal user on the network moving to the real target. This type of attack is all too common.
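
Because the pivot described above arrives as an ordinary RDP logon, one way to surface it is to compare each workstation-sourced RDP session against the source/account/server combinations already seen. The following is an added example, not code from the original post or from Core Security; it uses Windows Security event 4624 field names, while the subnet, jump host, host names and accounts are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed environment (hypothetical values): user workstations live in one
# subnet and admins are expected to RDP only from the listed jump host.
WORKSTATION_NET = ipaddress.ip_network("10.20.0.0/16")
JUMP_HOSTS = {"10.20.0.5"}
RDP_LOGON_TYPE = 10  # RemoteInteractive in Security event 4624

# Constructed sample records using 4624 field names; not real log data.
BASELINE = [
    {"Computer": "FILE01", "TargetUserName": "svc_admin", "IpAddress": "10.20.0.5", "LogonType": 10},
    {"Computer": "APP02", "TargetUserName": "jdoe", "IpAddress": "10.20.4.17", "LogonType": 10},
]
TODAY = [
    {"Computer": "APP02", "TargetUserName": "jdoe", "IpAddress": "10.20.4.17", "LogonType": 10},
    {"Computer": "FILE01", "TargetUserName": "svc_admin", "IpAddress": "10.20.4.17", "LogonType": 10},
    {"Computer": "DC01", "TargetUserName": "svc_admin", "IpAddress": "10.20.4.17", "LogonType": 10},
    {"Computer": "FILE01", "TargetUserName": "svc_admin", "IpAddress": "10.20.0.5", "LogonType": 10},
    {"Computer": "DC01", "TargetUserName": "jdoe", "IpAddress": "10.20.4.17", "LogonType": 3},
]

def is_workstation(ip):
    try:
        return ip not in JUMP_HOSTS and ipaddress.ip_address(ip) in WORKSTATION_NET
    except ValueError:  # 4624 records "-" when no source address was captured
        return False

def find_rdp_pivots(baseline, events):
    """Return (alerts, fan_out) for workstation-sourced RDP logons not seen before."""
    known = {(e["IpAddress"], e["TargetUserName"], e["Computer"])
             for e in baseline if e["LogonType"] == RDP_LOGON_TYPE}
    alerts, fan_out = [], defaultdict(set)
    for e in events:
        if e["LogonType"] != RDP_LOGON_TYPE or not is_workstation(e["IpAddress"]):
            continue
        key = (e["IpAddress"], e["TargetUserName"], e["Computer"])
        if key in known:
            continue  # this source/account/server combination is routine
        alerts.append(key)
        fan_out[e["IpAddress"]].add(e["Computer"])
    return alerts, {src: sorted(hosts) for src, hosts in fan_out.items()}

if __name__ == "__main__":
    alerts, fan_out = find_rdp_pivots(BASELINE, TODAY)
    for src, user, host in alerts:
        print(f"new RDP path: {src} -> {host} as {user}")
    for src, hosts in fan_out.items():
        print(f"{src} opened new RDP sessions to {len(hosts)} servers: {hosts}")
```

The same workstation that routinely reaches APP02 as its own user stays quiet, while its first use of a different account against FILE01 and DC01 is reported along with the fan-out count.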

What Does This Tell Us as Ethical Hackers?

As pen testers, we need tools that give us the ability to test these very methods. It's not good enough anymore to just test the web vector or the client-side vector. We need to test beyond that and see just how far we can get into our networks to better understand the preventive measures that we need to put in place. As you conduct your pen tests, don't just stop with the first machine breached. Do as Ross would and PIVOT!


Copyright © Fortra, LLC and its group of companies. All trademarks and registered trademarks are the property of their respective owners.