The client college was looking to improve its internal security posture. The college engaged Secmentis to perform Internal Attack & Penetration Testing, in order to assess their internal network's weaknesses.
The goal of the college in engaging Secmentis to perform Internal Penetration Testing was to evaluate the effectiveness of their IT security controls, and to understand their weaknesses and how to fix them.
The objectives of the penetration testing engagement were set as follows:
Secmentis Penetration Tests are performed from a "blackbox" perspective (i.e. zero initial information, apart from the target company's name) in order to make the ethical hacking attacks more realistic.
Secmentis uses the same tools and tactics used by the bad guys against your business. We use both manual and automated testing methods, and take advantage of both custom-built and industry available tools.
For the Internal Penetration Test, a Secmentis consultant was placed on-site at the college and performed the testing from there.
At the end of our testing, a detailed report was provided to the company, including an executive summary, and our technical findings/evidence and remediation recommendations.
Secmentis consultants achieved spectacular results, some of which are summarized below.
Full Admin access on the College's website would mean attackers could create fake pages, extract information from potential students, perform client-side attacks, etc.
Full Admin access was achieved on all of the company's staff PCs, which would enable attackers to extract very sensitive business information.
Full Admin access was achieved on the company's Intranet website, which would enable attackers to create fake pages, extract information, perform client-side attacks, and more.
Sensitive information that could be extracted: The company's HR data, customer data, business data (e.g. plans), and other confidential data.
Talk to us today to find out how our experts can best help you