
Identifying forgotten IT assets for weaponisation

By Jeffrey Cass, Cybersecurity Engineer at ICON Information Systems.

Johannesburg, 07 Aug 2024
Mitigate threats before they impact your systems.

Recent security breaches have underscored how vulnerable organisations are to overlooked systems within their own environments. This press release describes technical methods for identifying these hidden assets and outlines how they can be turned against threat actors.

Technique 1: Network discovery

Network discovery is a fundamental yet critical method that can be executed using existing network monitoring tools. Tools such as LibreNMS, which are free and open source, can automatically map a network via protocols like LLDP (Link Layer Discovery Protocol) and ARP (Address Resolution Protocol). This mapping can be cross-referenced with your asset register to identify unknown devices.

Technique 2: Network-based vulnerability scans

For a more sophisticated approach, network-based vulnerability scanners such as Qualys can be utilised. These premium tools offer built-in asset tracking capabilities. By performing advanced queries, you can identify unregistered assets and their corresponding IP addresses. This comparison with your asset register provides a complete inventory, facilitating the identification of discrepancies and gaps in your network.

Technique 3: Stale Active Directory computer objects

In scenarios where network-based scanning is not viable, analysing stale Active Directory (AD) computer objects is an alternative. This process, although labour-intensive, involves using PowerShell scripts to export a CSV file of all AD computer objects, which is then compared against your asset register. For any discrepancies, examine the last logon times of these objects and monitor domain controller logs to detect any authentication attempts and their originating IP addresses.
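The export, comparison and domain-controller log check described above, written out as an added PowerShell example (not code from the article or from ICON Information Systems). It assumes the RSAT ActiveDirectory module is installed, that the script runs with rights to read AD computer objects and the DC Security log, and that the asset register is a CSV with a Hostname column (an assumed column name). The comparison function takes any list of objects with a Name property, so the same check covers Technique 1: feed it a hostname export from a network-discovery tool instead of the AD export.

```powershell
# Added example, not code from the article. Assumptions: RSAT ActiveDirectory
# module present, read access to AD and the DC Security log, and an asset
# register CSV with a 'Hostname' column (assumed name).

function Export-AdComputerInventory {
    param([string]$OutFile = '.\ad-computers.csv')
    Import-Module ActiveDirectory
    # LastLogonDate is the replicated lastLogonTimestamp (accurate to ~14 days),
    # which is good enough for staleness triage without querying every DC.
    Get-ADComputer -Filter * -Properties LastLogonDate, OperatingSystem, IPv4Address |
        Select-Object Name, DNSHostName, Enabled, LastLogonDate, OperatingSystem, IPv4Address |
        Export-Csv -Path $OutFile -NoTypeInformation
    return $OutFile
}

function Compare-InventoryToRegister {
    # Works for any discovered list with a Name property: the AD export above,
    # or a hostname list exported from a network-discovery tool (Technique 1).
    param(
        [Parameter(Mandatory)] [object[]]$Discovered,
        [Parameter(Mandatory)] [string[]]$RegisterNames,
        [int]$StaleDays = 90
    )
    $known = @{}
    foreach ($n in $RegisterNames) { $known[$n.Trim().ToUpperInvariant()] = $true }
    $cutoff = (Get-Date).AddDays(-$StaleDays)
    foreach ($obj in $Discovered) {
        $inRegister = $known.ContainsKey($obj.Name.Trim().ToUpperInvariant())
        # Import-Csv yields strings; convert so the date comparison is real
        $lastLogon = if ($obj.LastLogonDate) { Get-Date -Date $obj.LastLogonDate } else { $null }
        $stale     = ($null -eq $lastLogon) -or ($lastLogon -lt $cutoff)
        # Not in the register but still authenticating recently is the case to chase first
        $finding   = if (-not $inRegister -and -not $stale) { 'UNREGISTERED-ACTIVE' }
                     elseif (-not $inRegister)              { 'UNREGISTERED-STALE' }
                     elseif ($stale)                        { 'REGISTERED-STALE' }
                     else                                   { 'OK' }
        [pscustomobject]@{
            Name = $obj.Name; InRegister = $inRegister
            LastLogonDate = $lastLogon; Finding = $finding
        }
    }
}

function Get-DcAuthAttempts {
    # Logon events (ID 4624) from a DC Security log for one computer account,
    # with the source IP of each attempt. Run on the DC or name one explicitly.
    param(
        [Parameter(Mandatory)] [string]$ComputerName,
        [string]$DomainController = $env:COMPUTERNAME,
        [int]$Days = 30
    )
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Read fields from the event XML rather than the free-text message
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            if ($data['TargetUserName'] -eq "$ComputerName`$") {   # computer accounts end in '$'
                [pscustomobject]@{
                    Time = $_.TimeCreated; Account = $data['TargetUserName']
                    SourceIp = $data['IpAddress']; LogonType = $data['LogonType']
                }
            }
        }
}

# Constructed sample data standing in for the real export and register:
#   $discovered = Import-Csv (Export-AdComputerInventory)
#   $register   = (Import-Csv '.\asset-register.csv').Hostname
$discovered = @(
    [pscustomobject]@{ Name = 'FS01';     LastLogonDate = (Get-Date).AddDays(-3)   }
    [pscustomobject]@{ Name = 'OLDPRINT'; LastLogonDate = (Get-Date).AddDays(-400) }
    [pscustomobject]@{ Name = 'LAB-PC7';  LastLogonDate = (Get-Date).AddDays(-10)  }
)
$register = @('FS01', 'OLDPRINT')

Compare-InventoryToRegister -Discovered $discovered -RegisterNames $register | Format-Table -AutoSize

# For each UNREGISTERED-ACTIVE row, find where the logons are coming from:
# Get-DcAuthAttempts -ComputerName 'LAB-PC7' | Format-Table -AutoSize
```

In the constructed sample, LAB-PC7 is the row to chase: it is absent from the register yet logged on ten days ago, so the DC query tells you which IP address the machine is living on. OLDPRINT is the opposite case, a registered object that has not authenticated in over a year, which is a candidate for the honeypot treatment below or for removal. Event ID 4624 only covers successful logons; for failed or Kerberos-only activity, extend the filter to IDs 4625, 4768 and 4769, which carry the same IpAddress field.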

Weaponising identified assets

Once at-risk assets are identified, they can be strategically weaponised to enhance security. One effective method is to configure these assets as honeypots. Honeypots act as early detection systems during a cyber attack. By deploying open source software and implementing basic log monitoring, you can detect exploit attempts on these honeypots. This enables you to promptly gather indicators of compromise (IOCs) and mitigate threats before they impact critical systems.
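One way to implement the basic log monitoring the paragraph describes, as an added PowerShell example that is not the article's own code and does not use any particular honeypot product's log format. The log lines are constructed here in a syslog-like layout; a real honeypot writes its own format, so the regex is the part to adapt. The allow-list address is an assumption standing in for your own vulnerability scanner, which will legitimately touch the honeypot.

```powershell
# Added example, not code from the article. Log lines below are constructed in
# an assumed syslog-like layout. A honeypot has no legitimate users, so every
# inbound session is a finding; the only expected exception is your own scanner.

$sampleLog = @'
2024-08-05T02:11:07Z honeypot01 ssh: connection from 198.51.100.23:51544
2024-08-05T02:11:09Z honeypot01 ssh: login attempt [root/password123] failed from 198.51.100.23
2024-08-05T02:11:12Z honeypot01 ssh: login attempt [admin/admin] failed from 198.51.100.23
2024-08-05T03:40:51Z honeypot01 http: GET /phpmyadmin/ from 203.0.113.77
2024-08-05T03:40:52Z honeypot01 http: GET /.env from 203.0.113.77
2024-08-05T06:02:14Z honeypot01 ssh: connection from 192.0.2.9:40002
'@ -split "`r?`n"

# Assumed: the internal vulnerability scanner's address, which is allowed to probe the honeypot
$allowList = @('192.0.2.9')

function Get-HoneypotIocs {
    param(
        [Parameter(Mandatory)] [string[]]$Lines,
        [string[]]$AllowList = @()
    )
    $pattern = '^(?<ts>\S+)\s+(?<host>\S+)\s+(?<svc>\w+):\s+(?<msg>.*?)\s+from\s+(?<ip>\d{1,3}(?:\.\d{1,3}){3})'
    $bySource = @{}
    foreach ($line in $Lines) {
        if ($line -notmatch $pattern) { continue }           # skip lines the regex does not understand
        # Copy the captures before any further -match overwrites $Matches
        $ip = $Matches['ip']; $svc = $Matches['svc']; $msg = $Matches['msg']
        $ts = [datetimeoffset]::Parse($Matches['ts'], [cultureinfo]::InvariantCulture)
        if ($AllowList -contains $ip) { continue }
        if (-not $bySource.ContainsKey($ip)) {
            $bySource[$ip] = [pscustomobject]@{
                SourceIp = $ip; FirstSeen = $ts; LastSeen = $ts; Events = 0
                Services  = [System.Collections.Generic.HashSet[string]]::new()
                Usernames = [System.Collections.Generic.HashSet[string]]::new()
                Paths     = [System.Collections.Generic.HashSet[string]]::new()
            }
        }
        $rec = $bySource[$ip]
        $rec.Events++
        if ($ts -lt $rec.FirstSeen) { $rec.FirstSeen = $ts }
        if ($ts -gt $rec.LastSeen)  { $rec.LastSeen  = $ts }
        [void]$rec.Services.Add($svc)
        # Usernames tried and URL paths requested are the IOCs worth keeping alongside the IP
        if ($msg -match '\[(?<user>[^/\]]+)/')          { [void]$rec.Usernames.Add($Matches['user']) }
        if ($msg -match '^(GET|POST)\s+(?<path>\S+)')   { [void]$rec.Paths.Add($Matches['path']) }
    }
    $bySource.Values | Sort-Object Events -Descending | ForEach-Object {
        [pscustomobject]@{
            SourceIp  = $_.SourceIp
            FirstSeen = $_.FirstSeen; LastSeen = $_.LastSeen; Events = $_.Events
            Services  = ($_.Services  | Sort-Object) -join ','
            Usernames = ($_.Usernames | Sort-Object) -join ','
            Paths     = ($_.Paths     | Sort-Object) -join ','
        }
    }
}

$iocs = Get-HoneypotIocs -Lines $sampleLog -AllowList $allowList
$iocs | Format-Table -AutoSize

# Hand the source addresses to the perimeter block list or a SIEM watchlist
$iocs | Select-Object SourceIp, FirstSeen, LastSeen, Events |
    Export-Csv -Path '.\honeypot-iocs.csv' -NoTypeInformation
```

Run on the constructed sample, the scanner address is dropped and the two remaining sources come out with their first and last seen times, the services they touched, the usernames tried over SSH and the paths requested over HTTP. Scheduling this against the honeypot's live log and alerting on any new SourceIp is the early-warning signal the paragraph refers to: the same address showing up on a production system a few minutes later is the lead to act on.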
