Intermediate

Security Hot Takes: Near-Neighbor TTPs

The Nearest Neighbor Attack is a newly documented Initial Access TTP in which an attacker compromises a physically nearby, unrelated network, activates a Wi-Fi interface on a host within...

The Nearest Neighbor Attack is a novel tactic, technique, and procedure (TTP) in which an attacker gains remote access to a target network without ever directly touching that network's own perimeter defenses. Instead, the attacker first compromises a different organization's network that happens to be in close physical proximity to the real target — for example, a neighboring business, a nearby residential network, or any other network within Wi-Fi range of the target's building.

Once inside that neighboring network, the attacker activates a Wi-Fi interface on a compromised host and uses it to scan for nearby wireless networks. The compromised, physically-adjacent network then acts as a pivot point: because it is within radio range of the actual target, the attacker can wirelessly connect from that pivot host directly into the target's Wi-Fi network, all without needing to be physically present near the target building themselves and without needing valid remote-access credentials to the target's VPN or public-facing infrastructure.

This matters because it sidesteps an entire category of defenses that organizations typically invest in most heavily — perimeter and remote-access con...

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

3 sections
  1. 1 Table of Contents
  2. 2 Module 1: The Nearest Neighbor Attack
  3. 3 Summary

More Security Hot Takes & Threat Intel courses

View all 21

Interested in this course?

Contact us to book it or get a custom training plan for your team.