Penetration testing. Case Studies
Tenendo is capable of emulating a real-world attack and can do that without any additional information about the infrastructure.
Welcome to our Penetration Testing Case Studies!
Discover our services’ impact and how our experience benefits your organization. Our case studies reveal past projects, showcasing our expertise in delivering effective penetration testing solutions.
At Tenendo, we excel at simulating real-world attacks without prior knowledge of your infrastructure. Our in-house tools enhance the likelihood of breaching your systems successfully, offering invaluable experience in countering advanced threat actors.
Our red team assessments combine blue team operations and compliance experience. This unique approach enables us to offer comprehensive recommendations on threat detection, response processes, monitoring techniques, and infrastructure hardening.
We understand the significance of quality and security for your organization. Our team is our greatest asset, with skills and accomplishments we take immense pride in. We’ve selected specific case studies to share as proof of our capabilities. While carefully anonymized for confidentiality, these cases provide insights into our process and past successes.
Explore our Penetration Testing Case Studies to grasp how we secure your systems and shield your organization from evolving threats.
PCI DSS segmentation testing case
The team created several hardware connect-back appliances and used it in a PCI DSS segmentation testing.
Social engineering
During this social engineering engagement, it was possible to achieve persistent internal access, exfiltrate confidential and personal information, and compromise the internal segmented infrastructure.
EDR product’s effectiveness evaluation
Evaluating EDR Product against Threat Actors: Uncovering Limitations and Collaboration for Enhanced Detection of Multiple Killchains.
Targeted Phishing on Cloud Services Provider Admin infrastructure Case
Successful phishing attacks revealed detection gaps in support and SOC teams, allowing unauthorized access without alerts.
Assumed Breach and Privilege Escalation Case
Weak authentication and poor segmentation enabled privilege escalation from VPN access to full domain control.
Network Compromise and Cloud Infrastructure Exposure Case
Poor network segmentation enabled an attacker to pivot from internal access to full cloud takeover.
Application Threat Modelling and Phishing Attack Chain Case
A threat model helped prioritize vulnerabilities, leading to the identification of a phishing attack chain that bypassed MFA and allowed unauthorized transactions.
Payment processing API penetration testing
Tenendo specialists discovered an unattended staging environment and leveraged its vulnerabilities for sensitive information disclosure. This information was later reused in an attack against the main application, that allowed us access to the payment API on behalf of other customers of our Client.
Client-Bank application compromise
This case is a very good example why manual penetration tests are valuable – the team achieved compromise without administrator access to the application, not using any known exploits or discovering injection/deserialization/other RCE flaws.
Enhance Your Cybersecurity Today!
Discover vulnerabilities and strengthen your defence.
