How we did it

Social engineering tactics were used to craft convincing phishing emails targeting support engineers.
The attack exploited weak initial access controls, specifically AnyConnect/OVPN.
The phishing payloads executed commands on the engineer’s workstation, demonstrating a critical gap in endpoint detection.
SOC response was monitored to evaluate reaction time and effectiveness in containment.

Conclusion

The test revealed a significant gap in phishing detection and response mechanisms for the support team. The lack of alerts allowed the attacker to gain initial access undetected. The SOC team demonstrated a better response time but still had areas to improve.

Recommendations included:

Enforcing two-factor authentication (2FA) on all remote access solutions.
Strengthening endpoint detection (EDR) to flag unauthorised command execution.
Improving phishing awareness training for all employees.

Targeted Phishing on Cloud Services Provider Admin infrastructure Case

Successful phishing attacks revealed detection gaps in support and SOC teams, allowing unauthorized access without alerts.

The Challenge

A red team engagement was conducted to evaluate the resilience of the security team against targeted phishing attacks. The objective was to assess both the response of the support team and the SOC team to phishing attempts that aimed to gain unauthorized access through AnyConnect/OVPN.

The Solution

A series of phishing campaigns were launched:

A targeted phishing attempt on the Admin Support Team, which successfully led to command execution on the engineer’s side without triggering any detection alerts.

A targeted phishing attack on the SOC team that executed but was quickly mitigated, as the malware ran on a virtual machine that was immediately shut down. Due to significant awareness and reaction from C-level executives and the SOC team, this scenario was not further developed.

Application Penetration Testing

Infrastructure Assessment

Cloud Infrastructure

Performance and scalability assessment

Cybersecurity assessment

Threat Intelligence

Red Teaming

Compliance Readiness Services

Purple Teaming

Training

Due Diligence

Insides

Case Studies

Contact Us

About Tenendo

Contact us:

How we did it

Conclusion

Tenendo Limited