Pentest & Red team
We were integrated into the customer's RED team, which is responsible for identifying, verifying and escalating vulnerabilities that may impact the group, both internally and externally.
The objective is to scan the exposed surface of the company's and its subsidiaries' assets and try to take full control of the targets' information systems without any prerequisites by:
- Gathering information on the targets by means of an OSINT search;
- Identifying the target's domain names and sub-domains, using active and passive scanning approaches;
- Searching for vulnerabilities on UP services and servers;
- Diagnosing initial compromise and maintaining access;
- Escalating local privileges;
- Performing post-exploitation enumeration and lateral movement;
- Escalating global privileges (domain admin or equivalent);
- Drafting reports and managerial summaries.