Tuesday, September 1, 2020

So, You Got Access to A *NIX System… Now What?

Note to Reader: For simplicity, I will be referring to all Unix, Linux, and other Unix-like systems simply as *nix, unless a specific distinction needs to be made.

As a pentester, you will likely come across a *nix system at some point. If you are like many of the people I have worked with and encountered in the security industry, you are much more familiar with Microsoft Windows-based systems than *nix systems. This is completely fine. Most attackers focus largely on Windows-based systems due to their market share, end-user exploitability, and attack surface. In 2019, Microsoft Windows accounted for over 97% of the most attacked operating systems in the ransomware category. Overall, *nix systems can make up a large percentage of an enterprise's ecosystem (though often not the largest), yet they often receive less focus from an attack surface perspective.

In most networks, the *nix systems you encounter are typically less prominent in number than the Microsoft Windows-based systems. Common uses of *nix systems tend to be development systems, mobile devices, database systems, embedded devices (firewalls, web cameras, etc.), web services such as JBoss, Tomcat, or Jenkins, and cloud infrastructure such as AWS. Microsoft Windows, by contrast, is much more commonly found running on end-user workstations, email systems, and, of course, domain controllers (as well as in other roles also found on *nix).