3 Things Sysadmins Should Do to Prepare for an Internal Pentest

Listen to this Post

  1. Know Your Tools: Ensure you are familiar with the tools used to triage alerts and suspicious activity. Understand which security controls detect specific types of activity. Practice investigating potential security incidents as if they were real.

  2. Clean Up File Shares: Conduct a thorough search for files containing sensitive information such as credentials. Look for files with names like “passw”, “login”, “unattend.xml”, or “.config”. Remove or secure these files to prevent unauthorized access.

  3. Implement Least Privilege: Evaluate your environment’s access controls. Ensure that not every file share, document, or SharePoint site is accessible to everyone. Design access control policies to limit permissions and reduce the risk of over-permissive environments, which are prime targets for threat actors.

You Should Know: