Enterprise, Governmental

  • Home
  • Enterprise, Governmental
Enterprise, Governmental
Customer Requirements:
Due to the geo-political changes and their potential ramifications in the arena of cybersecurity, a governmental organization sought to test how deeply an advanced persistent attacker could penetrate into their ecosystem, both as an outside external hacker and an insider threat. 
(AUG 2020)

OP Innovate planned an OSINT campaign to gather information as the reconnaissance phase prior to launching an attack on the customer’s assets. This would be followed by penetration testing of the internet facing assets, then identification of the most advanced attack (from the perspective of exploitability and impact) that an insider threat could execute.

OP Innovate’s Red Team began researching the target organization and gathering information on  business purpose, personnel, technological platforms, employees that could potentially have an impact on it and other in-scope components.

The Red Team collected many leaked user credentials found in 3rd party breaches then the team conducted a social engineering and spear phishing campaign, and managed to trick a user and gain control over their local, domain connected machine. After installing a network scanner and gaining admin privileges on many of the organization assets and machines, the team gained control of a web developer’s workstation which enabled them to move laterally as admin to the websites and gain admin privileges on 80% of the organization’s web assets.

The organization has patched and mitigated the Red team findings with the help of the researchers’ recommendations. The organizational resilience to the ever-present threat of cyber attack has been increased and a long term defense plan has been established.

Related Posts

Enterprise

- Strategic Planning - Incident Response - Data Forensics - Data Analysis

Read More

Finance, Insurance

- Incident Response - Vuln. Assessment - Open Source Intel - Negotiation team

Read More
Under Cyber Attack? Click Here