How we did it

  • Exploited open VPN access and AnyDesk admin controls.
  • Used DCSync & Shadow Credentials for privilege escalation.
  • Performed lateral movement through SMB pivots.

Conclusion

The engagement revealed weak security configurations, which allowed for undetected privilege escalation. Network segmentation and MFA were prioritised for mitigation.
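
Since the escalation went undetected, here is a detection sketch for the two privilege-escalation techniques named above. It is an added example, not code from the engagement. It assumes Security log events 4662 and 5136 have been exported to dicts with their standard field names, and that directory service access and change auditing are enabled. All account names, DNs and the allow-list are constructed.

```python
# Control-access-right GUIDs for directory replication (AD schema constants).
REPL_GUIDS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}
KEY_CRED_ATTR = "msds-keycredentiallink"  # attribute written by Shadow Credentials

_REPL = "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"
# Constructed sample events; every account name and DN below is made up.
SAMPLE_EVENTS = [
    {"EventID": 4662, "SubjectUserName": "DC01$", "Properties": _REPL},
    {"EventID": 4662, "SubjectUserName": "svc-backup", "Properties": _REPL},
    {"EventID": 4662, "SubjectUserName": "jdoe",
     "Properties": "{bf967aba-0de6-11d0-a285-00aa003049e2}"},
    {"EventID": 5136, "SubjectUserName": "svc-backup",
     "AttributeLDAPDisplayName": "msDS-KeyCredentialLink",
     "ObjectDN": "CN=WS07,OU=Workstations,DC=example,DC=test"},
    {"EventID": 5136, "SubjectUserName": "msol_sync",
     "AttributeLDAPDisplayName": "msDS-KeyCredentialLink",
     "ObjectDN": "CN=Alice,OU=Staff,DC=example,DC=test"},
    {"EventID": 5136, "SubjectUserName": "helpdesk1",
     "AttributeLDAPDisplayName": "description",
     "ObjectDN": "CN=Bob,OU=Staff,DC=example,DC=test"},
]


def detect(events, dc_accounts, keycred_writers=frozenset()):
    """Return (rule, account, detail) tuples for suspicious events.

    dc_accounts: accounts expected to replicate (domain controllers).
    keycred_writers: accounts expected to write msDS-KeyCredentialLink
    (an assumed allow-list, e.g. a directory sync service account).
    """
    dcs = {a.lower() for a in dc_accounts}
    allowed = {a.lower() for a in keycred_writers}
    alerts = []
    for ev in events:
        user = ev.get("SubjectUserName", "").lower()
        if ev.get("EventID") == 4662:
            # 4662: an operation was performed on a directory object.
            props = ev.get("Properties", "").lower()
            hits = sorted(n for g, n in REPL_GUIDS.items() if g in props)
            if hits and user not in dcs:
                alerts.append(("dcsync", user, ",".join(hits)))
        elif ev.get("EventID") == 5136:
            # 5136: a directory service object was modified.
            attr = ev.get("AttributeLDAPDisplayName", "").lower()
            if attr == KEY_CRED_ATTR and user not in allowed:
                alerts.append(("shadow_credentials", user, ev.get("ObjectDN", "")))
    return alerts
```

Neither event is logged unless the relevant audit subcategories and SACLs are configured, so confirm that before relying on the rule.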