5 most scary Pentests of 2015

Author: Martin Voelk
December 18, 2015

2015 was a great year with a lot of new customers and exciting projects. We often get asked what sort of information we are able to retrieve in a typical Penetration Testing engagement with customers. The answer is: scary stuff! We have compiled a small list of the top 5 ethical breaches from our 2015 engagements.

Customer 1

This customer is an airport and asked us to do a full-scale Penetration Test. The scariest part was being able to control all CCTV, alarm systems and sprinkler systems. It was challenging, but by pivoting through a lot of different networks we were able to gain full control. Needless to say, the management was impressed and scared at the same time.

Customer 2

This customer from the retail space already had hardened defenses in place, so we turned our attention towards individual board members. Social engineering allowed us to obtain very sensitive information from top-ranking CXOs. The customer was speechless and has since employed new strategies to tackle social engineering attacks.

Customer 3

A customer who suspected they had been hacked engaged us for forensic analysis. We discovered a full-scale breach where attackers had set up RSPAN sessions to mirror almost all traffic out to an attacking server via a VPN. We don't often see such sophisticated attacks, but all of their traffic had been eavesdropped on for almost 2 months.
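Mirror sessions like the ones described above leave a footprint in the switch configuration, so a defender's first check is to audit every `monitor session` and every VLAN declared as `remote-span` against what the network team actually approved. The script below is an added example and is not code from the original post: it parses Cisco IOS-style configuration syntax, the sample config is constructed (hostname, ports, session numbers and VLAN IDs are made up), and `APPROVED_DESTINATIONS` is a hypothetical allowlist the network team would maintain.

```python
import re
from collections import defaultdict

# Constructed sample running-config (not a real customer's); the hostname,
# ports, session numbers and VLAN IDs are made up for this example.
SAMPLE_CONFIG = """\
hostname core-sw1
!
vlan 999
 name RSPAN
 remote-span
!
monitor session 1 source interface Gi1/0/1 - 12
monitor session 1 destination interface Gi1/0/24
!
monitor session 7 source vlan 10 , 20
monitor session 7 destination remote vlan 999
!
interface Gi1/0/24
 description IDS tap
"""

# Hypothetical allowlist a network team would keep: (session id, destination spec).
APPROVED_DESTINATIONS = {
    (1, "interface Gi1/0/24"),
}

MONITOR_RE = re.compile(r"^monitor session (\d+) (source|destination) (.+)$")
VLAN_RE = re.compile(r"^vlan (\d+)$")


def parse_monitor_sessions(config_text):
    """Collect SPAN/RSPAN sessions as {id: {"source": [...], "destination": [...]}}."""
    sessions = defaultdict(lambda: {"source": [], "destination": []})
    for raw in config_text.splitlines():
        m = MONITOR_RE.match(raw.strip())
        if m:
            sessions[int(m.group(1))][m.group(2)].append(m.group(3).strip())
    return dict(sessions)


def rspan_vlans(config_text):
    """Return the set of VLAN IDs declared with 'remote-span' (RSPAN carrier VLANs)."""
    found, current = set(), None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):          # top-level command starts a new stanza
            m = VLAN_RE.match(line)
            current = int(m.group(1)) if m else None
        elif current is not None and line.strip() == "remote-span":
            found.add(current)
    return found


def audit_sessions(config_text, approved=APPROVED_DESTINATIONS):
    """Flag anything that can carry mirrored traffic off the local switch, plus any
    destination the team never approved. Returns sorted (session, reason, detail)."""
    findings = []
    for sid, s in parse_monitor_sessions(config_text).items():
        for src in s["source"]:
            if src.startswith("remote vlan"):       # this switch receives an RSPAN feed
                findings.append((sid, "rspan-source", src))
        for dest in s["destination"]:
            if dest.startswith("remote vlan"):      # this switch exports traffic via RSPAN
                findings.append((sid, "rspan-destination", dest))
            if (sid, dest) not in approved:
                findings.append((sid, "unapproved-destination", dest))
    for vid in rspan_vlans(config_text):
        findings.append((0, "rspan-vlan-declared", f"vlan {vid}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_sessions(SAMPLE_CONFIG):
        print(finding)
```

Run it over configs pulled by whatever backup tool you already use; session 1 (the approved IDS tap) stays quiet, while session 7 and the `remote-span` VLAN are reported because they move a copy of VLAN 10 and 20 traffic to another switch. Rather than alerting on the session syntax alone, the allowlist lets the check fire only on mirrors nobody signed off on, which keeps the output actionable on switches that legitimately feed an IDS.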

Customer 4

Ransomware. CryptoWall. Nothing special really, except that it was the laptop of a high net worth CEO. We always recommend NOT paying the ransom. Fortunately, he had a lot of Microsoft restore points and we were able to recover a clean point with only a few days of lost data.

Customer 5

A financial client runs a high-profile subscription service for their clients. They noticed that subscription rates had dwindled over the months and suspected a breach, so they engaged us to investigate. We found username and login pairs for the expensive service on the Dark Web and on pastebin.com. The client has since moved to a 2-factor authentication mechanism.