To ensure the effectiveness of our client’s security implementations LIFARS frequently conducts penetration tests evaluating their systems can hold up to real world scenarios and stay resilient. Our cyber resiliency experts deliver calculated attacks against systems the same way black hat hackers.
In December, our client requested that LIFARS Pen Testing Team perform an external black box penetration test as part of a due diligence exercise. The client, a medium-sized organization with over 200 employees and 30 IPv4 addresses, understands the risks they face on a daily basis and the importance of meeting compliance standards. Therefore, this client requested an external black box penetration test on their network.
The intent of this assessment was to identify weaknesses in the company’s internet facing infrastructure and to detail how these vulnerabilities could impact the organization.
Therefore, the team used TFTP server and Cisco Smart Install Protocol as main targets for mounting other attacks, such as Man-in-the-middle. The black box testing, as an unauthenticated user for Fortinet FortiOS, resulted in finding directory traversal vulnerability. The penetration test simulated a malicious actor engaged in a targeted attack against the company’s external internet facing network. This security testing effort was conducted with emphasis on the actual state of the systems examined and no documentation to the client was provided.