An oil and gas company with global operations required a pentest to see what would happen if someone had already breached their network from outside. With a standard set of user credentials and remote access, what could they do from there?
Our first goal was to find a way to put the tools we needed on the relevant machine, which we achieved by bypassing the endpoint’s security controls. From there, the goal was to move laterally, compromise other hosts on the network, and escalate privileges. This proved an extremely tough exercise, but we eventually found a chink in the armour.
Having discovered only one host that wasn’t implemented according to a security baseline, we were able to establish a foothold and run commands that allowed us to escalate privileges and compromise the domain.
All in all, a real-life testament to the offensive security mantra: ‘Try harder’.
Let Mobius Binary determine whether your application, system, or network is clearly secure or not.