On some of the more challenging pen tests, the goal is not necessarily to gain a high level of privilege on the network but rather getting to a specific set of data.
Occasionally on these kinds of engagements testers aren't allowed to get there from certain routes. What do they do in these situations? Sometimes they use a tactic called pivoting.
Watch the video to learn more about an engagement where one of SecureWorks technical testers utilised pivoting by querying a targeted systems network cards to gain access to sensitive data on an organisations internal network.
On some of the more challenging pen tests, the goal is not necessarily to gain a high level of privilege on the network but rather getting to a specific set of data and occasionally we aren't labelled to get there from here. We are somewhere on the network and the information is unaccessible from our current location and to work against that we'll use something called pivoting where we will look for systems that do have access to that more sensitive network or data and we will funnel all of our communication through those systems that do have access.
I was working on an internal pen test and had gained access to most of the systems on the network that I could see, so essentially what I did was I started going through those systems querying them to see which ones had more than one network card installed and if they did have more than one, what internal IP addresses were assigned and I found two systems that had multiple network cards that had access to my network as well as IP addresses on the sensitive network that I was looking to get to and so I compromised those devices and started running my traffic through them and gained access to the target network I was looking to get into.