This NetSPI client is a major financial services company.
NetSPI was engaged to conduct an anonymous scenario-based red team attack against the client’s internal network. This project was designed to test the client’s detective and response capabilities, identify vulnerabilities and escalation paths, and prove that full network compromise was possible in a short period of time. The entire exercise took place over a four-day period. Attack vectors were limited to the network and application levels. All phishing and other social engineering attacks were out of scope. Beyond allowing physical access to the network, the client provided no information to NetSPI.
Using primarily manual testing techniques, the NetSPI pentesters enumerated all of the internal network ranges and systematically exploited vulnerabilities to escalate privileges and avoid detection.