Anchor Technologies, Inc.
  • Solutions
    • Security Assessments
    • Compliance
    • Incident Response & Disaster Recovery
    • Comprehensive Security Management
    • Security Program Support
    • Virtual CISO
  • Capabilities
    • Advisory
    • Integration
    • Technology Procurement
    • Risk Management
  • Insights
  • About
  • Contact
Select Page

Case Study: Penetration Testing

by Peter Dietrich | Jan 9, 2020 | Case Study | 0 comments

Case Study

Penetration Testing

This customer wanted to throughly replicate what an attacker could potentially exploit within his environment. They hired Anchor Technologies to ethically hack their environment from the Internet and from within the network.

Intro

How We Improved Executive-Level Cybersecurity Risk Awareness

The engagement began with exploring all information available in the Open Source Intelligence (OSINT) realm on the Internet.  From this investigation we discovered the IP address blocks and vendors the organization was using to hosts their core customer facing application. The investigation also provided key information on employees that worked in important roles at the organization, their email addresses, and in a few cases, even their login IDs and passwords were harvested from the Dark Web. This certainly had an impact with the organization’s executives in reviewing the findings report.

Details

Hacking your organization before the bad actor does.

Challenge

How to test your security controls using the same methods that a real attacker would, in a safe controlled non-disruptive manner. Maybe even test your staff’s ability to respond to a cybersecurity attack.

Solution

The Penetration Test exploits technical vulnerabilities extending the Vulnerability Assessment activities into a proof of exploitability vs. just a theory. This test is extremely valuable after the organization has a reasonable level of confidence in its security controls. This test replicates what an attacker will actually do to break into your environment, but in a safe and cooperative controlled manner.

Accounts Compromised

3

Vulnerabilities Tested

40k+

Network Penetrated

100%

Budget Increase

18%

Engagement Summary

The test resulted in a 100% penetration level of the internal network while pivoting through the external network. Multiple entry points were identified and proof of each penetration step was documented and supported with detailed evidence on how the weakness was identified and exploited.

It was shown how an attacker could identify the key systems, gather enough OSINT to effectively plan an attack then probe the system vulnerabilities until a path inside was found.

 

Once inside, the attacker could have utilized a combination of two lower severity vulnerabilities to gain domain level credentials. Once the domain credentials were acquired, then fake system accounts were setup to evade detection and the internal resources were explored for data of interest. Once the data was identified, then a sample was exfiltrated through the minimally restricted outbound encrypted SSL ports to the attacker’s waiting external host. This evaded all detection from the existing advanced security controls.

Testimonial

“I can’t believe it took us this long to perform this test. So happy that we did. The results don’t lie.”

Organization’s CEO

Get In Touch

6315 Hillside Court, Suite J, Columbia, MD 21046
866.841.0777

info@anchortechnologies.com
  • Facebook
  • Twitter
  • LinkedIn

Recent Posts

  • eSentire Partner Anchor Technologies a Key Player in Growth and Success
  • The Metaverse Could Cost You Everything, If You Let It
  • Anchor Technologies, Inc. Launches New myCYPR Platform for Third-Party Risk Management (TPRM)
  • Vendor Risk Management (VRM)- How to Establish Trust

Categories

Tags

account theft Administrative Privileges assessment authorized CIS control CMMC CMMC Compliance Compliance Compromise configuration Cyber culture at work Data Data Loss Prevention Data Protection Department of Defense devices DoD Email Encryption Ethical Hack exploit Firewall gap analysis human security risk Integrity inventory myCYPR Network Device password patching penetration test phishing Risk Management Risk Rating RSA Conference scan Security Control software Test third-party third-party risk unauthorized Vendor security vulnerability vulnerability scanning

Solutions

Security Assessments

Compliance

Incident Response & Disaster Recovery

Comprehensive Security Management

Security Program Support

Virtual CISO (vCISO)

Capabilities

Advisory

Integration

Technology Procurement

Risk Management

myCYPR

Insights

Blog

News

Events

About

Our Story

Our Approach

Contact

info@anchortechnologies.com 

(410) 295-7601  |  (866) 841-0777

6315 Hillside Court, Suite J

Columbia, MD 21046

 

BREACH RESPONSE HOTLINE

breach@anchortechnologies.com 

(866) 841- 0777, option #8