Operation Shadow Breach Reflection - mathewyanez/tech-journal GitHub Wiki

  1. Describe the complete attack path you took from initial reconnaissance to gaining SSH access. What were the critical steps?

**Used online sources, scanned for open ports/services, looked for obvious open spots, until gaining access.**

  2. If you were TechNova's security team, at which stage do you think you could have detected this attack? How?

Most likely at the vulnerability management stage, where we would run scans to find vulnerabilities, especially known ones, in our network.

  3. Rate the severity of the Apache 2.4.49 vulnerability on a scale of 1-10. Justify your rating using CVSS scores and business context.

8-9. If there is a known vulnerability running on your server, you have a serious problem. If that gets used, the business loses money and trust is lost.

  4. After reading the risk acceptance form, explain WHY TechNova chose to keep the vulnerable server running instead of patching immediately.

It was a strategic, risk-based approach to prioritize critical threats and the need to maintain operational continuity. So essentially they thought it could be dealt with later.

  5. Do you agree or disagree with TechNova's decision? Support your answer with specific reasoning about business vs. security trade-offs.

If I were in their position, I do not know. Potential consequences can be measured against immediate remediation; while it may be obvious after it has already happened, at the time, in their position, it very well could have been the correct choice. Given my stance, I'd say I disagree with it, as leaving those obvious and easy-to-fix issues open may very well be where attackers begin.

  6. What compensating controls (safety measures) did TechNova put in place to reduce risk while keeping the vulnerable server running?

Encrypted passwords, a restricted number of user accounts, and the important information was relatively hidden.

  7. Are these compensating controls adequate? What additional controls would you recommend?

No. Web fuzzing found the vulnerabilities page relatively quickly; securing those configurations should be the first order of business. Finding the user account and password to SSH into the server was also not as difficult as it should've been; change the password.
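Question 2 asks at which stage the attack could have been detected, and the answer above notes that web fuzzing found the hidden page quickly. As an added example that is not part of the original reflection, this Python script scans Apache combined-format access log lines for clients whose traffic looks like wordlist fuzzing (many requests, almost all 404, across many distinct paths); the log lines, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_fuzzing(lines, min_requests=20, min_404_ratio=0.8):
    """Return {ip: stats} for clients that look like a wordlist scanner:
    at least min_requests requests of which min_404_ratio or more were 404s."""
    per_ip = defaultdict(lambda: {"total": 0, "not_found": 0, "paths": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash the scan
        stats = per_ip[rec["ip"]]
        stats["total"] += 1
        stats["paths"].add(rec["path"])
        if rec["status"] == 404:
            stats["not_found"] += 1
    flagged = {}
    for ip, s in per_ip.items():
        if s["total"] >= min_requests and s["not_found"] / s["total"] >= min_404_ratio:
            flagged[ip] = {"total": s["total"], "not_found": s["not_found"],
                           "distinct_paths": len(s["paths"])}
    return flagged


# Constructed sample: one client walking a wordlist and hitting a hidden page, one normal visitor.
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2023:13:55:{i:02d} +0000] "GET /word{i} HTTP/1.1" 404 196 "-" "fuzzer/1.0"'
    for i in range(24)
] + [
    '203.0.113.7 - - [10/Oct/2023:13:55:24 +0000] "GET /vulnerabilities/ HTTP/1.1" 200 1043 "-" "fuzzer/1.0"',
    '198.51.100.5 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '198.51.100.5 - - [10/Oct/2023:13:56:02 +0000] "GET /style.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.5 - - [10/Oct/2023:13:56:05 +0000] "GET /missing HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(find_fuzzing(SAMPLE_LOG))
```

On a real server the same logic would be fed the live access log and the flagged client would be the alert raised before the hidden page is ever reached.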

  8. Is it ethical for a company to knowingly run vulnerable systems?

**No, they are not only putting themselves but their customers at risk as well.**

  9. Under what circumstances is this acceptable vs. negligent?

It is negligent if they knew about the problems and did not attempt to fix them. It can be morally acceptable if they didn't know, but from a paperwork perspective they will still be labeled negligent.

  10. If TechNova were breached by a real attacker, should the leadership team face legal consequences? Why or why not?

Depends on what information is leaked, what NDAs or forms were signed, and what they were responsible for. If they signed that the data was safe with them, it would not be OK.