In April, our client asked the LIFARS Pen Testing Team to perform an authenticated black-box penetration test of the VPN solution and connection to the host through RDP. The client understands the risks they face daily as well as the importance of meeting compliance standards, which is why they asked for an authenticated black-box penetration test.
LIFARS frequently conducts penetration tests to ensure the effectiveness of our client’s security implementations and to evaluate whether their systems can hold up to real-world incident scenarios and stay resilient. Our cyber resiliency experts deliver calculated attacks against systems the same way black hat hackers would.
The intent of this engagement was to identify weaknesses in the company’s VPN solution and to detail how these vulnerabilities could impact the organization.
Our team found a critical vulnerability: a restricted RDP connection bypass, which could help an attacker mount other attacks. This security testing effort was conducted with emphasis on the actual state of the systems examined and no documentation to the client was provided.
Note: All information in this case study has been modified to maintain the confidentiality of our client.