November 24, 2021
Manufacturer Uncovers Source Code Management and VPN Vulnerabilities


An American automotive manufacturer had a new CISO who wanted to take a fresh, unbiased look at the efficacy of the organizations’ security controls. The company had worked with CBI on its incident response readiness capabilities in the past; they were looking to evaluate defenses against the latest attacker tactics, techniques, and procedures (TTPs), and identify any unknown attack surfaces.


Members of CBI’s Advanced Testing Services (ATS) performed reconnaissance to determine the topology of the network and live hosts. Approximately 700 live hosts were found connected to external IP addresses among the 45,000 addresses that were in scope for the engagement. Enumeration of the hosts took place to identify operating systems, services, and protocols. Vulnerability scanning, port scanning, service identification, OS fingerprinting, and DNS enumeration techniques were used, and firewall and VPN penetration testing were carried out.

The client had strong controls in place, but open-source intelligence (OSINT) gathering revealed API keys for an Azure service that were exposed on GitHub. That issue—coupled with the discovery of a misconfigured extranet VPN used for non-employees that could be accessed with any password-enabled CBI to breach external network infrastructure.

After discovering and connecting to a Veeam backup service with credentials captured via a forced authentication attack and password cracking, our experts obtained data that enabled them to pivot to other machines as a local admin and access internal networks. Attackers using similar TTPs could gain control over most domain user accounts and access sensitive data.

Case Study | Manufacturing VPN Vulnerability


In order of priority, we provided an easy-to-read report containing an executive summary and risk-ranked descriptions of the vulnerabilities we uncovered. The report detailed how vulnerabilities were exploited, and the exact steps required to remediate them.

The engagement complemented the organization’s internal vulnerability management efforts, and provided the objectivity needed to convey an accurate picture to key stakeholders. CBI manually retested after the remediation work was completed to verify vulnerabilities had been resolved.

View Case Study
About the Author
Eric Randle
Manager and Senior Penetration Tester
Eric Randle applies an extensive background in penetration testing and web application security to his role as Security Engineer, Red Team with CBI. He holds several industry certifications, including Certified Information Systems Auditor (CISA), Certified Penetration Testing Engineer (CPTE), and GIAC Web Application Penetration Tester (GWAPT). Eric leverages his 18 years of experience with the latest tools and techniques to help CBI clients test and assess their security controls.
I Need To...