Hacking one of the largest Toll Management Company in the Philippines

Vulnerability Assessment and Penetration Testing of a Major Toll Management Company


The client was looking to improve its external security posture. They engaged NullForge to perform an External Penetration test, targeted mostly on the toll management system.


Identify possible ways of manipulating the toll system – e.g. free access, card deactivation.


NullForge uses the same tools and tactics used by the bad guys. We use both manual and automated testing methods, and take advantage of both custom-built and industry available tools.


The security posture of the client was deemed financially critical. Vulnerabilities in the system that allows for tampering and free access to the highway system was identified. The management app was also compromised and client sensitive information was exposed (e.g. Name, birthday, address, etc). PII exposure.