- We were integrated into the customer's RED team, which is responsible for identifying, verifying and escalating vulnerabilities that may impact the group, both internally and externally.
The goal was to scan the exposed surface of the company's and its subsidiaries' assets and try to take full control of the targets' information systems without any prerequisites, by:
- Gathering information on the targets by means of an OSINT search;
- Identifying the target's domain names and sub-domains, using active and passive scanning approaches;
- Searching for vulnerabilities on UP services and servers;
- Diagnosing initial compromise and maintaining access;
- Escalating local privileges;
- Performing post-exploitation enumeration and lateral movement;
- Escalating global privileges (domain admin or equivalent);
- Drafting reports and managerial summaries.
Keys to success
- Our expertise in offensive security;
- Our ability as service providers to summarize and present their work to customers;
- Our ability to assess the risks involved in this type of intervention and limit their impact on normal operations;
- Our good communication skills enabling the service provider to manage feedback meetings.