A conglomerate needed to assess the state of its sprawling IT infrastructure. We mapped over 500 domains for analysis and locate multiple vulnerabilities
The client was provided detailed documentation about vulnerabilities in its sprawling IT infrastructure. Along with major security issues, we reported unprotected sensitive data, vulnerabilities that could result in data breaches and details about a newly discovered zero-day. We enumerated multiple recommendations to improve their security posture; from the inclusion of security headers to the use of Virtual Private Networks (VPN) as protective enclaves. Additionally, we collected email addresses and social network profiles of over 2000 employees to identify interesting targets for social engineering attacks. The full report included the data collected and a detailed list of recommendations to improve its security posture. The threat assessment provided an excellent view of the company’s infrastructure from an adversarial point of view.