Top Decisive Pentest Discoveries for 2024: Vital Details to Be Aware Of

AndyC 12 June 2024

Among the most efficient methods available for information technology (IT) specialists to unearth a company’s vulnerabilities ahead of malicious actors is penetration testing.

Top 10 Critical Pentest Findings 2024: What You Need to Know
Top 10 Critical Pentest Findings 2024: What You Need to Know

Among the most efficient methods available for information technology (IT) specialists to unearth a company’s vulnerabilities ahead of malicious actors is penetration testing. By simulating genuine cyberattacks, penetration testing, commonly referred to as pentests, delivers crucial perspectives into an organization’s security stance, uncovering weaknesses that could potentially result in data breaches or other security breaches.

Vonahi Security, the architects of vPenTest, an automated network penetration testing platform, have recently unveiled their yearly synopsis, “The Top 10 Critical Pentest Findings 2024.” In this overview, Vonahi Security administered over 10,000 automated network pentests, revealing the top 10 internal network pentest discoveries at more than 1,200 entities.

Lets explore each of these crucial discoveries to gain a deeper understanding of the prevalent exploitable vulnerabilities organizations encounter and ways to effectively tackle them.

Top 10 Findings from Pentests & Recommendations

1. Multicast DNS (MDNS) Spoofing

Utilized in small networks, Multicast DNS (mDNS) is a protocol employed to resolve DNS names sans a local DNS server. It dispatches queries to the local subnet, permitting any system to reply with the requested IP address. This opens the door for cybercriminals to respond with their system’s IP address.

Recommendations:

To evade exploitation effectively, it is advisable to deactivate mDNS if it’s not in use. Depending on the setup, this can be accomplished by disabling services like Apple Bonjour or avahi-daemon

2. NetBIOS Name Service (NBNS) Spoofing

Deployed in internal networks, NetBIOS Name Service (NBNS) serves to resolve DNS names when a DNS server is inaccessible. It disseminates queries across the network, allowing any system to respond with the desired IP address. This flaw can be leveraged by attackers to provide their system’s IP address.

Recommendations:

To deter NBNS usage in a Windows environment or mitigate the effects of NBNS Spoofing assaults, consider the following strategies:

  • Adjust the UseDnsOnlyForNameResolutions registry key to prevent systems from initiating NBNS queries (NetBIOS over TCP/IP Configuration Parameters). Configure the registry DWORD to
  • Deactivate the NetBIOS service on all Windows hosts across the internal network. This can be accomplished via DHCP options, network adapter configurations, or a registry key.

3. Link-local Multicast Name Resolution (LLMNR) Spoofing

LLMNR, utilized in internal networks, aids in resolving DNS names when a DNS server is inaccessible. It circulates queries throughout the network, enabling any system to respond with the requested IP address. This vulnerability can be exploited by attackers to present their system’s IP address.

Recommendations:

To thwart exploitation, configure the Multicast Name Resolution registry key to inhibit systems from engaging in LLMNR queries.

  • Utilize Group Policy: Computer ConfigurationAdministrative TemplatesNetworkDNS Client Turn off Multicast Name Resolution = Enabled (For Windows 2003 DC administration, employ the Remote Server Administration Tools for Windows 7)
  • Registry Setup for Windows Vista/7/10 Home Edition exclusively: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoft Windows NTDNSClient EnableMulticast

4. IPV6 DNS Spoofing

The advent of rogue DHCPv6 servers in a network leads to IPv6 DNS spoofing. Windows systems show a preference for IPv6 over IPv4, thus IPv6-enabled clients will opt for the DHCPv6 server if accessible. During an attack, clients are furnished with an IPv6 DNS server while retaining their IPv4 settings. This facilitates attackers to intercept DNS requests by reconfiguring clients to adopt the attacker’s system as the DNS server.

Recommendations:

Unless crucial for operational needs, deactivate IPv6. As turning off IPv6 could lead to service interruptions, it’s advisable to test this configuration beforehand. Alternatively, consider implementing DHCPv6 guard on network switches. Essentially, DHCPv6 guard guarantees that only a sanctioned list of DHCP servers can lease addresses to clients

5. Outdated Microsoft Windows Systems

Outdated Microsoft Windows systems stand susceptible to attacks, given the absence of security updates. This primes them as easy prey for attackers who can capitalize on their vulnerabilities, potentially escalating to other network systems and resources.

Recommendations:

Replace outdated editions of Microsoft Windows with contemporary operating systems backed by the manufacturer and equipped with the latest security patches.

6. IPMI Authentication Bypass

IPMI streamlines server management by enabling centralized administration. However, certain servers harbor vulnerabilities enabling attackers to circumvent authentication and extract password hashes. In cases where passwords are default or weak, attackers can retrieve the plaintext password and secure remote access.

Recommendations:

Given the unavailability of a patch for this specific vulnerability, consider implementing one or more of these actions.

  • Limited IPMI access to essential systems that necessitate access for administration.
  • Disable the IPMI service if it doesn’t serve business operations.
  • Update the default admin password to a robust and intricate one.
  • Constrain the service to secure protocols like HTTPS and SSH to curb attempts of obtaining this password via man-in-the-middle attacks.

7. Microsoft Windows RCE (BlueKeep)

During evaluations, systems vulnerable to CVE-2019-0708 (BlueKeep) were identified. This Microsoft Windows vulnerability poses a high exploit potential owing to the existence of tools and code that grant attackers full control over affected systems.

Recommendations:

Urgently apply security patches to the affected system. Additionally, review the organization’s patch management protocol to identify reasons for lacking security updates. As this vulnerability is extensively exploited and can lead to considerable breaches, swift remediation is advised.

8.Password Reutilization by Local Administrators

Many systems were discovered during the internal penetration test, sharing the identical local administrator password. By compromising one local administrator account, access to multiple systems was gained, significantly escalating the risk of widespread compromise within the organization.

Recommendations:

To prevent consistent local administrator password usage across multiple systems, consider implementing a solution like Microsoft Local Administrator Password Solution (LDAPS).

9. Microsoft Windows RCE (EternalBlue)

Systems susceptible to MS17-010 (EternalBlue) were detected during the testing phase. This Windows vulnerability is easily exploitable due to the existence of accessible tools and code, enabling attackers to attain full control over impacted systems.

Recommendations:

Applying security updates on the affected system is advised. Additionally, assess the organization’s patch management program to ascertain the cause behind the absence of security updates. Given the exploitable nature of this vulnerability and the potential for significant access, immediate remediation is crucial.

10. Dell EMC IDRAC 7/8 CGI Injection (CVE-2018-1207)

Dell EMC iDRAC7/iDRAC8 versions before 2.52.52.52 are vulnerable to CVE-2018-1207, an issue of command injection. This vulnerability allows unauthenticated attackers to execute commands with root privileges, granting them complete control over the iDRAC device.

Recommendations:

Upgrade the firmware to the most recent version available.

Main Causes of Critical Pentest Discoveries

Although each of these discoveries stemmed from distinct exploits, several shared commonalities. The predominant causes of the most critical pentest discoveries continue to be configuration vulnerabilities and deficiencies in patching.

Configuration Vulnerabilities

Typically, configuration vulnerabilities arise from services within deployed systems by administrators that are inadequately secured. They encompass issues like easily guessed or default credentials, services needlessly exposed, or excessive user permissions. While some of these configuration vulnerabilities may be exploitable under limited circumstances, the potential impact of a successful attack remains significant.

Patching Deficiencies

Patching issues persist as a significant concern for organizations, often due to reasons such as compatibility challenges and configuration inadequacies within the patch management system.

These two primary concerns underscore the necessity of regular penetration testing. While annual testing has been the norm, ongoing testing offers substantial value by pinpointing critical gaps closer to real-time instances of how security vulnerabilities can lead to significant compromises. For instance, while Tenable’s Nessus scanner might flag LLMNR as informational, carrying out quarterly or monthly network penetration testing via Vonahi’s vPenTest not only identifies these issues but also elucidates their potential impact.

Understanding vPenTest

vPenTest is a leading, fully automated network penetration testing platform that actively aids in mitigating security risks and breaches within an organization’s IT ecosystem. It eliminates the hassle of seeking out a qualified network penetration tester and delivers high-quality reports that outline identified vulnerabilities, associated risks to the organization, and strategies for addressing these vulnerabilities technically and strategically. Moreover, it enhances an organization’s compliance management capabilities.

vPenTest

vPenTest: Core Features & Benefits

  • Thorough Assessments: Conduct internal and external tests to comprehensively evaluate all possible entry points in your network.
  • Realistic Threat Simulation: Simulate actual cyber threats for valuable insights into your security posture.
  • Clear and Timely Reporting: Receive detailed reports that are easy to comprehend, outlining vulnerabilities, their impacts, and recommended actions.
  • Regular Testing: Establish monthly testing intervals to ensure proactive and responsive security measures.
  • Effective Incident Response: Detect vulnerabilities early to prepare for potential security incidents efficiently.
  • Alignment with Compliance: Meet regulatory compliance standards such as SOC2, PCI DSS, HIPAA, ISO 27001, and cyber insurance requisites.

Embark on a free trial today and experience how using vPenTest can proactively expose your organization’s vulnerability to real-time cyberattack risks.

Give vPenTest a Free Trial!

Intrigued by this content? This piece is a contributed article from one of our esteemed partners. Follow us on Twitter ï‚™ and LinkedIn for more exclusive updates.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

AndyC 19 December 2025
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

AndyC 19 December 2025
ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

AndyC 19 December 2025
North Korea-Linked Hackers Steal .02 Billion in 2025, Leading Global Crypto Theft

North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft

AndyC 19 December 2025
The Case for Dynamic AI-SaaS Security as Copilots Scale

The Case for Dynamic AI-SaaS Security as Copilots Scale

AndyC 19 December 2025
Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

AndyC 19 December 2025

You may have missed

Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems

Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems

AndyC 19 December 2025
Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems

Risk Management in Banking: Leveraging AI and Advanced Analytics

AndyC 19 December 2025
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

AndyC 19 December 2025
Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

AndyC 19 December 2025
Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems

RegScale Open Sources OSCAL Hub to Further Compliance-as-Code Adoption

AndyC 19 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.