################################################################################
# Target Organization
################################################################################
- Seller of Widgets and Widget accessories
- In business since 2002
- Sales website is hosted by a 3rd party and therefore out-of-scope
- Was the top widget provider in the 2000s before a decline in the 2010s
- Small-Office/Home-Office (SOHO) size
- Current headcount: 4
    - Alice Marcus (alicemarcus@)
      Information Technology Specialist
      Employed since July 12, 2009
    - Bob Barker (bobbarker@)
      Director of Customer Relations
      Employed since August 2, 2010
    - Cecylia Nureyeva (cecylianureyeva@)
      Accountant
      Employed since September 14, 2021
    - Dan Daly (dandaly@)
      Head of Information Technology and Security
      Employed since November 10, 2013
- Culture is ... quirky ... but nothing too out of the ordinary
    I wish we had organized gaming tournaments :-(

################################################################################
# Communications with Customer
################################################################################
- Dan Daly requested pen-test of network on behalf of the customer
- Legal has confirmed that all standard agreements have been signed and submitted to allow us to move forward
- Customer informed us of a known data breach in the early 2010s but explicitly stated that "the situation has been handled and corrective-action taken"
- Customer made a point of discussing some of the corrective-actions they'd taken but not all made sense during the interaction:
    - Ban on Microsoft products (?due to distrust of Bill Gates?)
    - Employees are banned from connecting mobile devices to corporate network
    - Require all OS updates to be applied within 14 days of release
    - Monthly password expiration with minimum character counts
    - Manual password audits via a paper form submitted to IT when rotating
    - Require yearly pen-tests from external organization
        - Customer provided "Certificates of Testing" for previous 7 years but not the reports themselves
        - Interesting that they only say "performed" and not "passed" :-S
- Located significant corporate and customer data available from 2010s breach
    - Located via a non-public, 3rd party, grey-market data vendor
    - All customer credit card numbers are expired
    - Was able to confirm a handful of the customers' addresses disclosed are out-of-date (i.e., moved in the last 20 years)
    - Extracted technical details from breach data and included below

################################################################################
# Data from 2010s breach
################################################################################
Account: Aaron Copland (aaroncopland@)
    Current Password: EmJ.f55x
    Previous Passwords::
        !2*&z3]C
        \|xT?k%q
        XmK:zS7&
        :(hiY8Mt
        FJ0e+ppw
        i/`cQo:@
        TNC|f1&4
        kNK5K6xr
        .-zcW_Zk
        Bb>#3[pe
        '$%Dd1Y6
        6hfO_szI
        C^6mv2Cg
        Sm@/!}d6

Account: Bob Barker (bobbarker@)
    Current Password: >SU,6j02TIr_.c
    Previous Passwords::
        .Ohnj'}w_5g`|:
        rL)49ocj=,dO&%
        yUd|`Sm
        u|#rK28K[t/2H}

Account: Claire Redfield (claireredfield@)
    Current Password: brake_sling_mill_wish
    Previous Passwords::
        study_thule_tear_qm
        chaw_weed_shrew_vg
        louse_far_rapid_lily
        anti_vivid_lisle_velar
        hick_hadron_kazoo_cool
        yin_query_meal_cody

Account: Billy Coen (billycoen@)
    Current Password: shrank_embalm_lobar_vessel
    Previous Passwords::
        trunk_kent_puddly_latus
        thine_pad_goof_posse
        bias_sale_knelt_shop
        reich_leech_pliny_1960
        oq_hull_r_brandt
        blanc_rk_body_2001
        c's_xf_gusto_width
        kale_win_ben_mayer

Account: Jill Valentine (jillvalentine@)
    Current Password: addle_cite_gorge_groin_vvv_hoe_coot
    Previous Passwords::
        quake_casey_quilt_mew_vat_cosh_balk
        self_slate_kulak_rater_pork_break_roar

Account: Alice Marcus (alicemarcus@)
    Current Password: c3VwZXJEVVBFUjV0cjBuOXBAc3N3b3JkLUphbjIwMTI=
    Previous Passwords::
        c3VwZXJEVVBFUjV0cjBuOXBAc3N3b3JkLUphbjIwMTE=
        c3VwZXJEVVBFUjV0cjBuOXBAc3N3b3JkLUphbjIwMTA=
        c3VwZXJEVVBFUjV0cjBuOXBAc3N3b3JkLUp1bDIwMDk=

Account: Fong Ling (fongling@)
    Current Password: G!W7E@X!=5Kc
    Previous Passwords:: None