Case Studies

Assumed Breach and Privilege Escalation Case

Weak authentication and poor segmentation enabled privilege escalation from VPN access to full domain control.

The challenge

The assumed breach scenario tested infrastructure security by simulating insider threats. Major weaknesses included 2FA absence, weak endpoint security, and poor segmentation.

The solution

Enforced 2FA on VPN and O365 to block unauthorized access.
Improved AD security by restricting certificate services.
Strengthened endpoint hardening using CIS benchmarks.

How we did it

Exploited open VPN access and AnyDesk admin controls.
Used DCSync & Shadow Credentials for privilege escalation.
Performed lateral movement through SMB pivots.

Conclusion

The engagement exposed weak security configurations, allowing undetected privilege escalation. Network segmentation and MFA were prioritized for mitigation.

Your Cyber Resiliency is Our Passion

schedule a call

About security testing:

Azure Active Directory compromise

The Azure penetration test helped the client identify and remediate multiple issues and misconfigurations, harden their infrastructure and calculate potential risks.

Case studies. Red Teaming | Case studies. Security

Network Compromise and Cloud Infrastructure Exposure Case

Poor network segmentation enabled an attacker to pivot from internal access to full cloud takeover.

Case Studies | Case studies. Red Teaming | Case studies. Security

Social engineering

During this social engineering engagement, it was possible to achieve persistent internal access, exfiltrate confidential and personal information, and compromise the internal segmented infrastructure.