Thanks for the list. I got this job as the network administrator at a community bank 2 years ago and 9/9 of these were on/enabled/not secured. I've got it down to only 3/9 (dhcpv6, unquoted exe, operational tech not segregated from info tech).
I'm asking for free advise, so feel free to ignore me, but of these three unremediated vectors, which do you see as the culprit most often?
dhcpv6 poisoning is really easy to do with metasploit and creates a MITM scenario. It's also easy to fix (dhcpv6guard at the switch, a domain firewall rule, or a 'prefer ipv4' reg key).
unquoted paths are used to make persistence and are just an indicator of some other compromise. There are some very low impact scripts on github that can take care of it
Network segregation, the big thing I see in financial institutions is the cameras. Each one has its own shitty webserver, chances are the vendor is accessing the NVR with teamviewer and just leaving the computer logged in and unlocked, and none of the involved devices will see any kind of update unless they break. Although I've never had a pentester do anything with this I consider the segment to be haunted.
Practically speaking, low-end mobos could just have an empty hole through the PCB for a power cable to go to the GPU from the power supply instead of soldering the connection and running all that power through the mobo. That power circuitry can't be easy to have around the chipset, right?
Also, with this connector being so far away from the mounting brace to the case, would GPU sagging torque/bend/ this connector and all 600w of power going to it? A 600w GPU would have a big 'ol cooler and have big sag, right?
