Tag Archive for Penetration Testing
PCI DSS segmentation testing
The team created several hardware connect-back appliances and used it in a PCI DSS segmentation testing engagement to uncover impactful network vulnerabilities.
Partnership
Tenendo has excellent experience partnering with PCI QSA, software development and cybersecurity companies. We have qualified technical resources and are working on expanding our partner network.
Social engineering
During this social engineering engagement, it was possible to achieve persistent internal access, exfiltrate confidential and personal information, and compromise the internal segmented infrastructure.
Payment processing API penetration testing
Tenendo specialists discovered an unattended staging environment and leveraged its vulnerabilities for sensitive information disclosure. This information was later reused in an attack against the main application, that allowed us access to the payment API on behalf of other customers of our Client.
Client-Bank application compromise
This case is a very good example why manual penetration tests are valuable – the team achieved compromise without administrator access to the application, not using any known exploits or discovering injection/deserialization/other RCE flaws.
Internal adversary simulation
The adversary simulation activity allowed the security team to demonstrate a complete compromise path while not using any usual, “exploitable” vulnerabilities.
Internal Adversary Simulation Case
The adversary simulation activity helped the client identify and remediate multiple issues with the on-premise infrastructure and vulnerabilities, calculate potential risks, and improve the overall security posture. Each finding also included proposed solutions for applying industry-standard defences.
Azure Active Directory compromise
The Azure penetration test helped the client identify and remediate multiple issues and misconfigurations, harden their infrastructure and calculate potential risks.
Red Teaming
Discovering potential compromise paths. Test threat response, detection, and investigation processes.
Infrastructure penetration testing
Infrastructure penetration testing focuses on the security of both the application environment and the supporting infrastructure, including third-party services and applications. The testing is performed with a combination of manual and automated techniques, tailored for the specific environment.
