Contact us: info@tenendo.com
How we did it
- Exploited open VPN access and AnyDesk admin controls.
- Used DCSync & Shadow Credentials for privilege escalation.
- Performed lateral movement through SMB pivots.
Conclusion
The engagement revealed weak security configurations, which allowed for undetected privilege escalation. Network segmentation and MFA were prioritised for mitigation.