hacking-oil-company

Hacking one of the largest oil company in the Philippines and South East Asia

Vulnerability Assessment and Penetration Testing of a Major Oil and Gas Company

BACKGROUND

The client was looking to improve both its internal and external security posture. They engaged NullForge to perform both an External and Internal Penetration Testing in order to assess their network’s weaknesses, to evaluate the effectiveness of their IT security controls, and how to fix them.

OBJECTIVES

Identify any highly critical vulnerability and misuse of its point system.

PROCESS

NullForge uses the same tools and tactics used by the bad guys. We use both manual and automated testing methods, and take advantage of both custom-built and industry available tools.

RESULT

The security posture of the client was deemed highly critical. Vulnerabilities in web applications allows for points to be added to accounts of any user which can then be redeemed. Client sensitive information was also exposed (e.g. Name, birthday, address, etc). PII exposure

Comments