Penetration testing. Case Studies
If we are able to automate security and testing tooling, we can incorporate it at every stage of the agile cycle, and improve outcomes for security, test and the development teams.
talk to an expertCase studies of our team’s past projects provide an insight into our services and are an example of how our experience may be relevant to your case.
Tenendo is capable of emulating a real-world attack and can do that without any additional information about the infrastructure. Our in-house developed tools and payloads improve the chances of a successful breach and can provide the Client valuable experience in opposing a sophisticated threat actor.
We also incorporate our blue team operations and compliance experience in red team assessments and can provide in-depth recommendations about threat detection and response processes, monitoring and logging techniques, and infrastructure hardening.
When it comes to quality and security, people are your strongest asset — ours too. We are proud of our team and what we do and have decided to partially share our past projects and cases to provide our customers with a behind-the-scenes look at our process and our past experience. We made sure all cases are anonymous and do not disclose any confidential information, but still provide valuable insight.
PCI DSS segmentation testing case
The team created several hardware connect-back appliances and used it in a PCI DSS segmentation testing.
Social engineering
During this social engineering engagement, it was possible to achieve persistent internal access, exfiltrate confidential and personal information, and compromise the internal segmented infrastructure.
Payment processing API penetration testing
Tenendo specialists discovered an unattended staging environment and leveraged its vulnerabilities for sensitive information disclosure. This information was later reused in an attack against the main application, that allowed us access to the payment API on behalf of other customers of our Client.
Client-Bank application compromise
This case is a very good example why manual penetration tests are valuable – the team achieved compromise without administrator access to the application, not using any known exploits or discovering injection/deserialization/other RCE flaws.
Internal Adversary Simulation case study
Do you want to know how your organisation will fare against an internal attack? Look no further than Tenendo’s Internal Adversary Simulation.
Internal Adversary Simulation Case
The adversary simulation activity helped the client identify and remediate multiple issues with the on-premise infrastructure and vulnerabilities, calculate potential risks, and improve the overall security posture. Each finding also included proposed solutions for applying industry-standard defences.
Azure Active Directory compromise
The Azure penetration test helped the client identify and remediate multiple issues and misconfigurations, harden their infrastructure and calculate potential risks.
EDR product’s effectiveness evaluation
Evaluating EDR Product against Threat Actors: Uncovering Limitations and Collaboration for Enhanced Detection of Multiple Killchains.
