
Behind the Firewall ft. Mark Dube
During a recent internal penetration test, Mark uncovered a critical security gap that the client was completely unaware of. While performing network enumeration using a custom file share enumeration tool, he discovered several SMB shares that were accessible to all users without any restrictions.
These shares contained over 30,000 files, the majority of which included personally identifiable information (PII) such as names, addresses, and social security numbers. Even more alarming, some files stored SQL Server credentials in cleartext, enabling Mark to fully compromise one of the client’s production databases.
The point of contact had no knowledge of these SMB shares or the sensitive data they exposed. This was particularly concerning because, in the worst-case scenario, if any user within the organization were compromised, all of this sensitive information could be leaked externally. On top of that, these shares—and even the SQL Server—could easily become targets for ransomware, amplifying the potential damage.
Once identified, we immediately communicated these findings to the client and recommended restricting file share access to only users who truly need it. There’s no reason for a low-privileged user to have access to such vast amounts of sensitive data. We also advised them to utilize a password manager and eliminate the practice of storing cleartext credentials for critical accounts in files accessible to other users.
This engagement underscores a critical lesson: lack of asset visibility and misconfigured permissions can lead to severe breaches. Organizations must prioritize proper network segmentation, enforce least privilege, and continuously monitor for unauthorized access to prevent exposures like this.
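The fix the write-up recommends (find every share that grants broad access, then cut it back to the groups that actually need it) is routine to automate on the defender's side. The script below is an added example written for this page; it is not Mark's enumeration tool or any code from the engagement. It uses the standard SmbShare cmdlets, so it needs Windows Server 2012 / Windows 8 or later and administrative rights on the file servers. The server names and the replacement group are placeholders to substitute with your own.

```powershell
<#
  Added example, not part of the original post: audit SMB shares for grants to
  broad principals and optionally replace them with a scoped group. The server
  names and CONTOSO\FS-Finance-RO below are placeholders.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    # File servers to audit (placeholder names).
    [string[]] $ComputerName = @('FILESRV01', 'FILESRV02'),

    # Principals whose presence on a share ACL means "effectively every user".
    [string[]] $BroadPrincipals = @('Everyone', 'Authenticated Users', 'Domain Users', 'Users'),

    # Group that should hold access instead (placeholder); used only with -Remediate.
    [string] $ReplacementGroup = 'CONTOSO\FS-Finance-RO',

    # Without this switch the script only reports.
    [switch] $Remediate
)

# --- 1. Enumerate shares and flag broad allow entries ---------------------
$findings = foreach ($server in $ComputerName) {
    $session = New-CimSession -ComputerName $server -ErrorAction Stop
    try {
        # Hidden admin shares (C$, ADMIN$, IPC$) are governed by local admin rights; skip them.
        $shares = Get-SmbShare -CimSession $session | Where-Object { $_.Name -notmatch '\$$' }
        foreach ($share in $shares) {
            foreach ($ace in Get-SmbShareAccess -CimSession $session -Name $share.Name) {
                # Strip the DOMAIN\ or BUILTIN\ prefix before comparing.
                $principal = ($ace.AccountName -split '\\')[-1]
                if ($ace.AccessControlType -eq 'Allow' -and $BroadPrincipals -contains $principal) {
                    [pscustomobject]@{
                        Server    = $server
                        Share     = $share.Name
                        Path      = $share.Path
                        Principal = $ace.AccountName
                        Right     = $ace.AccessRight   # Read, Change or Full
                    }
                }
            }
        }
    }
    finally { Remove-CimSession $session }
}

$findings | Sort-Object Server, Share | Format-Table -AutoSize

# --- 2. Locate cleartext credentials in the exposed shares -------------------
# Reports file and line number only, never the matched text, so the report
# itself does not become another copy of the secret.
$secretPattern = '(?i)\b(password|pwd)\s*=\s*\S+'
foreach ($f in $findings | Sort-Object Server, Share -Unique) {
    Get-ChildItem -Path "\\$($f.Server)\$($f.Share)" -Recurse -File `
        -Include *.config, *.ini, *.txt, *.xml, *.ps1, *.bat -ErrorAction SilentlyContinue |
        Select-String -Pattern $secretPattern -List |
        Select-Object Path, LineNumber
}

# --- 3. Optional remediation: scoped group in, broad principal out ----------
# Grant first, then revoke, so the share never sits with no access at all.
if ($Remediate) {
    foreach ($f in $findings) {
        $target = "\\$($f.Server)\$($f.Share)"
        if ($PSCmdlet.ShouldProcess($target, "replace '$($f.Principal)' with '$ReplacementGroup' (Read)")) {
            $session = New-CimSession -ComputerName $f.Server -ErrorAction Stop
            try {
                Grant-SmbShareAccess  -CimSession $session -Name $f.Share -AccountName $ReplacementGroup -AccessRight Read -Force | Out-Null
                Revoke-SmbShareAccess -CimSession $session -Name $f.Share -AccountName $f.Principal -Force | Out-Null
            }
            finally { Remove-CimSession $session }
        }
    }
}
```

Run it without `-Remediate` first and review the table; `-Remediate -WhatIf` then shows each change before it is made. Share-level permissions are only half of the picture: the NTFS ACL on `$f.Path` must be checked as well (`Get-Acl`), because a share that grants Everyone Read still exposes whatever the NTFS ACL underneath allows. For the "continuously monitor" part of the recommendation, enabling the File Share and Detailed File Share audit subcategories (`auditpol /set /subcategory:"File Share" /success:enable /failure:enable`) produces event IDs 5140 and 5145 in the Security log, which is what a detection rule for unexpected share access would consume.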