Brute force attacks were among the most common vulnerabilities security firm Lares encountered while conducting penetration tests in 2022. (Photo by Leon Neal/Getty Images)

A global security assessment, testing and coaching firm released the five most common penetration test findings it encountered during hundreds of engagements in 2022. 

In a Jan. 18 press release, the Lares research team emphasized that its findings were the most frequently encountered during client engagements — not the most severe threats.

"As we wrapped up 2022, our surprise gave way to expectation, and we found ourselves genuinely surprised if one, or all, of the top five issues were not found on any given engagement," said Andrew Hay, Lares chief operating officer, in a news release. "Every single vulnerability described in our latest research paper can be avoided or eliminated through better cybersecurity hygiene practices."

Here are the top five vulnerabilities Lares researchers encountered:

  1. Brute forcing accounts with weak and guessable passwords
  2. Kerberoasting
  3. Excessive file system permissions
  4. WannaCry/EternalBlue
  5. WMI (Windows Management Instrumentation) lateral movement