
Free audit program · v0.1.0

Initial Access Broker Sale — Audit Program

Initial-access brokers (IABs) sell administrative or remote access to a victim organisation (VPN, RDP, Exchange OWA, AWS console, AD domain admin); the buyer is typically a ransomware affiliate. Mitigation demands MFA on every remote pathway, PAM for admin tiers, and dark-web monitoring of the company brand and employee email addresses.

  • Target area: credential theft
  • framework
  • 4 controls in this program
  • Reviewer: Mustafa (Senior Reviewer)

About this program

Threat context: Initial Access Broker Sale

This program audits the controls that mitigate the above threat. Each procedure references one mapped control. Run the program to score your exposure.

Risks addressed

Controls (4)

  1. MFA for all user accounts

    Multi-factor authentication (MFA) for all user accounts requires users to present at least two independent authentication factors—something they know (password), something they have (hardware token, mobile device), or something they are (biometric)—before gaining access to systems or applications. This control…

  2. Privileged access management (PAM)

    Privileged Access Management (PAM) controls the lifecycle of accounts with elevated system, application, or data permissions through dedicated tooling and processes. PAM solutions typically vault privileged credentials, enforce session recording, require just-in-time access requests with approval workflows, and rotate passwords…

  3. Account lockout policy on failed logins

    Account lockout policies automatically disable user accounts after a specified number of consecutive failed authentication attempts within a defined time window. This control prevents attackers from conducting unlimited password guessing or brute-force attacks against user accounts by enforcing a temporary…

  4. Credential rotation

    Credential rotation involves the periodic, scheduled replacement of authentication credentials including passwords, API keys, certificates, and service account secrets to minimize the window of opportunity for compromised credentials to be exploited. Rotation policies define intervals based on credential type, sensitivity,…

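The lockout mechanism described under control 3, as an added worked example that is not part of this audit program or its tooling: a per-account tracker that counts failed logins inside a sliding time window and locks the account for a fixed duration once the threshold is reached. The threshold, window and lockout duration are assumed values for illustration, and the login events are constructed; the point it adds beyond the control text is that a window that expires old failures defeats a fast spray but not a slow, spaced one, and that a correct password must not bypass an active lockout.

```python
"""Account lockout policy simulator.

Added example for the 'Account lockout policy on failed logins' control;
not the audit program's own code. Policy numbers are assumed, not taken
from the page."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    threshold: int = 5          # consecutive failures before lockout (assumed)
    window_seconds: int = 900   # failures older than this stop counting (assumed)
    lockout_seconds: int = 900  # how long the account stays locked (assumed)


@dataclass
class AccountState:
    failures: deque = field(default_factory=deque)  # timestamps of recent failures
    locked_until: float = 0.0                       # epoch seconds; 0 = not locked


class LockoutTracker:
    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.accounts: dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user: str, now: float) -> bool:
        return now < self._state(user).locked_until

    def record_failure(self, user: str, now: float) -> bool:
        """Record a failed attempt; return True if the account is (now) locked."""
        st = self._state(user)
        if now < st.locked_until:
            return True
        # Discard failures that fell outside the counting window (sliding window).
        while st.failures and now - st.failures[0] > self.policy.window_seconds:
            st.failures.popleft()
        st.failures.append(now)
        if len(st.failures) >= self.policy.threshold:
            st.locked_until = now + self.policy.lockout_seconds
            st.failures.clear()
            return True
        return False

    def record_success(self, user: str, now: float) -> bool:
        """A correct password while locked is still rejected; otherwise reset the count."""
        st = self._state(user)
        if now < st.locked_until:
            return False
        st.failures.clear()
        return True


def simulate(events, policy=None):
    """Replay (time, user, success) events; return (time, user, decision) tuples."""
    tracker = LockoutTracker(policy or LockoutPolicy())
    out = []
    for t, user, ok in events:
        if ok:
            allowed = tracker.record_success(user, t)
            out.append((t, user, "allowed" if allowed else "rejected_locked"))
        else:
            locked = tracker.record_failure(user, t)
            out.append((t, user, "locked" if locked else "failed"))
    return out


# Constructed events: a fast spray against 'alice' (5 failures in 20 s),
# then the real user with the right password during and after the lockout.
SPRAY = [(0, "alice", False), (5, "alice", False), (10, "alice", False),
         (15, "alice", False), (20, "alice", False),
         (25, "alice", True), (1000, "alice", True)]

# Constructed events: a slow attack against 'bob' spaced wider than the window,
# which a plain consecutive-failure counter with a window never locks.
SLOW = [(0, "bob", False), (1000, "bob", False), (2000, "bob", False)]


def decisions(events, policy=None):
    return [d for _, _, d in simulate(events, policy)]


if __name__ == "__main__":
    for t, user, d in simulate(SPRAY) + simulate(SLOW):
        print(f"t={t:>5} {user:<6} {d}")
```

Two caveats a reviewer should attach to this control: the same mechanism lets an attacker who knows usernames lock legitimate users out on purpose, so the audit should confirm that lockouts are alerted on and that the lockout duration is bounded rather than permanent; and, as the SLOW case shows, a lockout policy alone does not stop low-and-slow password spraying, which is why it sits beside MFA rather than replacing it.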