04. Second Update - 11:00am Monday

  • Five more hospitals report being targeted. The hospitals have a few things in common, including that they all endorsed the new healthcare law that was passed. You’ve learned from your legal team that your hospital endorsed the law as well.
  • They’ve noticed that the attackers are consistently targeting Windows systems that contain centralized log files and backups. They are also taking advantage of an unpatched Windows vulnerability to execute the attack.
  • Tip: The IP address for your main log server is the IP address of your Azure virtual machine. You store all of your logs and backup logs in your datacenter on site. Full backups are conducted once on the first of every month. Though you always change the default passwords, you haven’t enforced strong passwords consistently with your users.

Action:
Use Nessus to run a vulnerability scan against your log server and analyze results. Summarize what you found. Consider the key vulnerabilities that were exploited within the other companies. Assess your assets and current mitigating controls to confirm if the threat could be relevant to your company. Make a recommendation for the order in which the findings should be addressed and what action is required.
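
One way to turn the scan results into a remediation order, shown as an added example that is not part of the original exercise. It assumes the scan was exported as CSV with the columns shown; the sample rows, plugin IDs, CVE ids, host address and keyword list are constructed placeholders, and ranking threat-relevant findings first is one possible policy.

```python
import csv
import io

# Constructed sample, NOT real scan output. Column names follow a Nessus CSV
# export layout (assumed); plugin IDs and CVE ids are placeholders.
SAMPLE_CSV = """Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name
900001,,0.0,None,10.0.0.4,tcp,445,Example: SMB service detection
900002,CVE-0000-0001,9.8,Critical,10.0.0.4,tcp,445,Example: Windows missing security update (remote code execution)
900003,,5.0,Medium,10.0.0.4,tcp,3389,Example: Remote Desktop weak encryption setting
900004,CVE-0000-0002,7.5,High,10.0.0.4,tcp,443,Example: Outdated TLS library
900005,,6.5,Medium,10.0.0.4,tcp,445,Example: Windows account password policy not enforced
"""

RISK_ORDER = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "None": 0}
# Hypothetical keywords tied to the scenario: an unpatched Windows
# vulnerability and inconsistently enforced password strength.
THREAT_KEYWORDS = ("missing security update", "unpatched", "password")


def prioritize(csv_text):
    """Return actionable findings, threat-relevant first, then by severity and CVSS."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        rank = RISK_ORDER.get(row["Risk"], 0)
        if rank == 0:
            continue  # informational plugins need no remediation
        findings.append({
            "plugin": row["Plugin ID"],
            "name": row["Name"],
            "risk": row["Risk"],
            "cvss": float(row["CVSS"] or 0),
            "port": row["Port"],
            "relevant": any(k in row["Name"].lower() for k in THREAT_KEYWORDS),
        })
    findings.sort(key=lambda f: (f["relevant"], RISK_ORDER[f["risk"]], f["cvss"]),
                  reverse=True)
    return findings


if __name__ == "__main__":
    for n, f in enumerate(prioritize(SAMPLE_CSV), start=1):
        flag = "matches threat" if f["relevant"] else "general hygiene"
        print(f"{n}. [{f['risk']}, CVSS {f['cvss']}] {f['name']} (port {f['port']}, {flag})")
```
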

Conduct an abbreviated penetration test against your users' accounts. Access the provided list of password hashes from your company and try to crack your own users' passwords using HashCat. Did you discover any weak passwords?

Tip: The file path for the tool on your virtual machine is C:\Tools\hashcat-5.1.0 and you can interact with the tool via command prompt (CMD). As you pull together your command line string, you can find and use the default dictionary provided within HashCat, leverage your own .dict file, or try other attack modes within HashCat.

Add to the report template.