Penetration testing simulates a real hacking attack in a controlled manner, and represents itself the most reliable way to ensure effectiveness of the information security controls. Our penetration test is tailored to specifics of each client and conducted in a maximum accurate way to not disturb business process. We are able to perform the test using different methods and on all kinds of infrastructures. Existing exploits are tuned to work inside the customer IT environment and we’re capable to develop new exploits. Our tools are obfuscated to bypass intrusion detection and antimalware solutions.
Project case: Internal network penetration testing
The test goal was to identify how far the user with a standard Active Directory role can penetrate into the network. The project was conducted in a gray-box manner via the virtual machine plugged into the network port inside customer facility. The virtual machine established a backconnect VPN to the pentesting team server. The audit identified multiple issues that lead to data leakage and access to confidential data. Some of them includes:
As a result, the customer has received a detailed report with recommendations. In addition, the retest was performed to be sure that all critical vulnerabilities were fixed.
- ARP spoofing and traffic interception
- LLMNR spoofing and traffic interception
- Pass the hash attack (aided by ARP/LLMNR spoofing) and access to the Customer's Sharepoint site
- AD group policy saved passwords
- Vulnerable service with default passwords
- Vulnerable ILO interfaces
Project case: REST API penetration testing
The project goal was to found security vulnerabilities in the REST API in a web-application. The customer’s RESTful web service was used to serve a Single Page Application (SPA) front-end and iOS/Android mobile applications. The traffic from SPA/mobile frontends was captured to recover API and their parameters. The SWAGGER API doc was created and confirmed with the Customer developers to ensure its completeness.The APIdoc was feed to web application scanners to automatically check every parameter. Also, after the automated scanning, the manual test was conducted. As a result, the customer has received a detailed report with recommendations on how to mitigate vulnerabilities found. Some of them includes:
- Cross-site scripting (XSS) in the API error message
- Unsafe deserialization
- XML XEE inclusion and SSRF and arbitrary file read
- SQL injection
Project case: WordPress site penetration testing
Customer requested to conduct a gray box testing of his WordPress based business website. The test was performed on the staging site first, and then on the production to reduce the risk of production data/web-site availability damage.
Project size was 5 man-days with total duration 10 calendar days (a few days were spent to get credentials from the site developers). The following bugs were identified:
The XSS bug was found in one of the WordPress extensions. There was also directory listing enabled (the configuration issue). The findings were reported to the customer. In two weeks we verified the bug fixes (free of charge).
- The SQL injection bug was identified in the custom theme developed by the developer
- XSS in the one of the WordPress extensions (which was out of date)
- Directory listing was enabled in the web-server configuration
- Combination of race condition and insufficient file extension validation in the CV upload section (in the career part of the web-site). It was possible to upload a php script as CV and trigger its execution before the file was deleted (after processing by the web-site business logic)