Hacking one of the largest oil company in the Philippines and South East Asia


Vulnerability Assessment and Penetration Testing of a Major Oil and Gas Company


The client was looking to improve both its internal and external security posture. They engaged NullForge to perform both an External and Internal Penetration Testing in order to assess their network’s weaknesses, to evaluate the effectiveness of their IT security controls, and how to fix them.


Identify any highly critical vulnerability and misuse of its point system.


NullForge uses the same tools and tactics used by the bad guys. We use both manual and automated testing methods, and take advantage of both custom-built and industry available tools.


The security posture of the client was deemed highly critical. Vulnerabilities in web applications allows for points to be added to accounts of any user which can then be redeemed. Client sensitive information was also exposed (e.g. Name, birthday, address, etc). PII exposure