A listed gold mining company asked us to perform an internal pentest with a twist, adding specific use cases to assess their monitoring and detection systems.
Beginning from a non-domain-joined machine, we got domain admin by five different paths within the first two days and downloaded numerous user credentials. We looked for additional paths and found as many ways as we could to compromise the environment. We then ran the use cases, deleting logs and policies off machines and exfiltrating large volumes of data, doing everything a hacker would’ve done to cover their tracks or establish persistence.
Since the client detected virtually none of our activities, it was clear that their monitoring function wasn’t running effectively and that there were holes in their security posture.
Happily, with said gaps identified by our feedback, the client was equipped to tune their monitoring and detection to address their weak points.
Let Mobius Binary determine whether your application, system, or network is clearly secure or not.