Leveraging Enhanced Red Teaming to Identify Vulnerabilities 

Client Background

The client was undergoing routine penetration tests and was running internal vulnerability scans daily.

Vulnerability Discovery Process

Within hours of beginning the test, the HORNE Cyber red team gained administrative privileges across the entire network, using information extracted from unsecured network devices. With that elevated privilege, the team obtained the passwords of every user in the organization from the email server. Because many of those passwords were reused across systems, the team was then able to move through critical systems throughout the entire network.

Even after gaining access to the entire network, the red team continued the engagement, looking for vulnerabilities that did not depend on the access it had already obtained. The client relied heavily on industrial control systems (ICS), and the team drew on its ICS experience to locate and demonstrate weaknesses that a malicious attacker could have used to halt operations entirely.

Vulnerabilities were also identified in electronic door locks, security cameras, scanners, printers, and copiers that could have been used to steal trade secrets or to leak data sought by activist groups. For example, by exploiting these vulnerabilities, the team was able to watch normal production activities through the security cameras, footage that would have been of considerable interest to such groups.

Lessons Learned

At the conclusion of the engagement, HORNE Cyber described to the client simple remediation strategies to improve their security posture.

Lesson #1: Credential management can be challenging, but keeping the “keys to the kingdom” out of attacker hands is imperative.
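One concrete check for this lesson, prompted by the password reuse the red team exploited above: scan a credential inventory for passwords shared across accounts or systems and rank the findings by whether an administrative account is involved. This is an added example, not HORNE Cyber's tooling and not anything from the engagement. It assumes an inventory of (system, account, admin flag, password hash) records in which the hash is unsalted (as with NT hashes from a domain dump), so equal hashes imply equal passwords; the records in it are constructed placeholders.

```python
"""Credential-reuse check over an account inventory.

Added example for this case study, not HORNE Cyber's code. It assumes records of
(system, account, is_admin, password_hash) where the hash is unsalted, e.g. NT
hashes, so equal hashes mean equal passwords. Sample records are constructed.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Credential(NamedTuple):
    system: str
    account: str
    is_admin: bool
    pw_hash: str  # hex digest; assumed unsalted so it is comparable across records


# Constructed sample inventory; the hashes are placeholders, not real digests.
SAMPLE_INVENTORY: List[Credential] = [
    Credential("dc01",      "Administrator", True,  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"),
    Credential("mail01",    "Administrator", True,  "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"),  # same admin password as dc01
    Credential("plc-hmi01", "operator",      False, "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"),
    Credential("mail01",    "jsmith",        False, "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"),  # user reused the HMI password
    Credential("fileserv",  "jsmith",        False, "cccccccccccccccccccccccccccccccc"),
    Credential("fileserv",  "backup_svc",    True,  "dddddddddddddddddddddddddddddddd"),
]


def group_by_hash(inventory: List[Credential]) -> Dict[str, List[Credential]]:
    """Bucket credentials by password hash, normalising case so dumps from different tools match."""
    groups: Dict[str, List[Credential]] = defaultdict(list)
    for cred in inventory:
        groups[cred.pw_hash.lower()].append(cred)
    return groups


def find_reuse(inventory: List[Credential]) -> Dict[str, List[Credential]]:
    """Return hash -> credentials for every password used by more than one distinct (system, account).

    A duplicated record for the same account on the same system is not reuse, hence the set.
    """
    return {
        h: creds
        for h, creds in group_by_hash(inventory).items()
        if len({(c.system, c.account) for c in creds}) > 1
    }


def severity(creds: List[Credential]) -> str:
    """High when an administrative account shares the password: one capture then reaches
    every system in the group with admin rights. Medium otherwise."""
    return "high" if any(c.is_admin for c in creds) else "medium"


def report(inventory: List[Credential]) -> List[dict]:
    """Findings sorted highest severity first, each naming the systems an attacker could reach."""
    findings = []
    for h, creds in find_reuse(inventory).items():
        findings.append({
            "hash": h,
            "severity": severity(creds),
            "systems": sorted({c.system for c in creds}),
            "accounts": sorted({f"{c.account}@{c.system}" for c in creds}),
        })
    findings.sort(key=lambda f: (f["severity"] != "high", f["hash"]))
    return findings


if __name__ == "__main__":
    for f in report(SAMPLE_INVENTORY):
        print(f"[{f['severity'].upper()}] password shared by {', '.join(f['accounts'])} "
              f"-> reachable systems: {', '.join(f['systems'])}")
```

Run against a real dump, the "high" findings are the ones to remediate first: a shared local administrator password is exactly what turns a single foothold into network-wide administrative access, and the fix (unique per-host admin passwords, for example via a managed rotation solution) is cheap relative to the exposure.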

Lesson #2: Highly skilled and experienced penetration testers with a specialty in industrial control systems are a must for the testing of mission critical automated systems.

Lesson #3: A lapse in operational security can make an organization the victim of intellectual property theft or the target of a reputation-damaging public smear campaign.