Pentesting a leading College

The Engagement

Background

The client college was looking to improve its internal security posture. The college engaged Secmentis to perform Internal Attack & Penetration Testing, in order to assess their internal network's weaknesses.

The goal of the college in engaging Secmentis to perform Internal Penetration Testing was to evaluate the effectiveness of their IT security controls, and to understand their weaknesses and how to fix them.

Get A free quote

Objectives

The objectives of the penetration testing engagement were set as follows:

Internal Penetration Test

  • Attack & Compromise any sensitive employee computers or servers (e.g. file server, email server, etc.)
  • Extract/Exfiltrate any kind of sensitive information (e.g. customer data, trade secrets, etc.)

Secmentis Penetration Tests are performed from a "blackbox" perspective (i.e. zero initial information, apart from the target company's name) in order to make the ethical hacking attacks more realistic.

Process

Secmentis uses the same tools and tactics used by the bad guys against your business. We use both manual and automated testing methods, and take advantage of both custom-built and industry available tools.

For the Internal Penetration Test, a Secmentis consultant was placed on-site at the college and performed the testing from there.

At the end of our testing, a detailed report was provided to the company, including an executive summary, and our technical findings/evidence and remediation recommendations.

Results

Secmentis consultants achieved spectacular results, some of which are summarized below.

Sensitive information that could be extracted: The company's HR data, customer data, business data (e.g. plans), and other confidential data.

Need help with security?

Talk to us today to find out how our experts can best help you