Our business cases

• Nationwide pharmacy network pentest

A nationwide pharmacy network ordered an external pentest of their computer network. Black box mode was chosen.

During the project it was discovered that all critical IT infrastructure was behind the firewall, and no way to penetrate it could be found. We then decided to check the points of sale and examined several drugstores. One of them had a Mikrotik router with the default password; this type of router ships with a blank default password, so the router was "compromised". It ran OpenVPN, stored certificates locally, and allowed traffic sniffing. We intercepted traffic and found confidential information from the sales and accounting system. We then extracted the certificates from the compromised router, built a fake point of sale, and connected to the VPN server, impersonating an ordinary drugstore. In this way we penetrated the customer's internal IT infrastructure, which was protected by the firewall and had seemed impenetrable. We explored the Active Directory network, found an SQL server using domain authentication, and accessed it with a password that had been extracted earlier with the mimikatz utility.

The project was completed with the conclusion that penetration is possible and that the customer's information security level is low. The customer received the risk assessment results, information about the vulnerabilities, and recommendations on how to remediate them and harden the IT infrastructure.

• Grey-box and white-box pentest for a telecom company

A mid-sized telecommunications company, motivated to comply with external security requirements, requested the implementation of a comprehensive information security system and an overall security assessment. The customer chose grey box and white box as the penetration testing modes. The pentest targets were external servers, the DMZ, web applications, and internal nodes of the local area network. During the project, the following vulnerabilities and drawbacks were discovered:

  • Network configuration errors and lack of segmentation (no separate VLAN for management interfaces such as iLO, IPMI, IP KVM, etc.).
  • Weak passwords on active network devices.
  • Hidden administrative shares were accessible (ADMIN$, C$, D$, etc.).

As a result of vulnerability exploitation, documents containing confidential data were extracted. In this way, unauthorized access by an intruder was emulated. The customer received a comprehensive report on the vulnerabilities and their remediation methods.

• Internal pentest for a big industrial plant

A big industrial plant with about 10,000 employees needed an assessment of its IT infrastructure's compliance with security requirements. The plant ordered a penetration test in grey box and white box modes. Local area network servers were chosen as the pentest targets. During the project, the following vulnerabilities and weaknesses were found:

  • Drawbacks in the event monitoring and security incident response processes (no measures to prevent intrusions or recover from incidents).
  • Drawbacks in configuration management (uncontrolled test and guest hosts in the corporate domain).
  • Drawbacks in access and privilege management (SSH login enabled for the standard root account; a single administrator account used for DC, network equipment, and user workstation management).
  • Other technical vulnerabilities (proxy auto-detection enabled for software).

Unauthorized access by insiders was modeled during the project. The customer received a full report on the vulnerabilities and how to eliminate them.

• Analysis of a retail company's infrastructure

A medium-sized retailer was implementing internal and external information security requirements. Some of them required a complete analysis of the enterprise infrastructure, including penetration tests in the "gray box" and "white box" modes. During the pentest, the following vulnerabilities and weaknesses were found:

  • Vulnerabilities in the web applications (no request validity checks in the applications, data transferred over an unencrypted HTTP channel).
  • Privilege management drawbacks (domain accounts for various services and applications had excessive privileges).
  • The possibility of e-mail forgery (no DKIM / DMARC configured on the mail servers).
  • Drawbacks in security event monitoring processes (no custom "auditd" event rules configured).
  • The possibility of unauthorized device connection to the network (no DHCP snooping, no port security).

During the pentest, as a demonstration of the vulnerabilities, unauthorized access to the network equipment was emulated. The customer received a full report on the vulnerabilities and the ways to eliminate them.

• The pentest for PCI DSS compliance in a financial organization

A small financial organization connected to the international payment systems Visa and Mastercard faced the need to comply with the PCI DSS standard requirements. Among them is the requirement to perform external and internal penetration tests regularly. During the analysis of the infrastructure scope (the cardholder data environment), the detailed parameters of the external pentest were agreed with the customer. The parameters included the "gray box" and "black box" modes and the list of targets, namely the Internet-facing services and web applications.

As a result of the pentest, multiple vulnerabilities in the web applications were discovered (PHP injection, cross-site scripting, direct object references, missing software update mechanisms, insecure default web server configurations, no function-level access control, buffer overflows, errors in the web application code).

During the project, no actual penetration path was found, but potential ones were present. The customer received a comprehensive report on the vulnerabilities and how to enhance the security of the infrastructure. The report was prepared in accordance with the requirements of PCI DSS, including a description of the penetration test methodology used during the project.

(Company names are withheld under non-disclosure agreements.)
