Black Box guided penetration test

Report on a penetration test carried out in a Black Box environment, with guidance on the vulnerabilities to look for.

The main objective of this project was to carry out an intrusion test in a Black Box environment typical of an enterprise IT architecture.
The resulting environment could be broken down as follows:

  • A WAN network, representing all networks external to the audited company's IT architecture (hence including direct access to the Internet), from which common, external threats originate.
  • A DMZ network, including all the audited company's systems whose services are available from WAN networks (accessible from the Internet).
  • A LAN network, including all systems whose access is strictly restricted to the company's internal IT architecture (inaccessible from the Internet).

In the deployed IT environment, these different networks were separated by a single pfSense firewall.

Vulnerabilities discovered, documented and exploited include:

  • Weak authentication credentials on external company services, providing access to protected company resources.
  • The critical Log4j vulnerability, enabling remote code execution, identified on the Apache HTTP service of the web server operating in the company's DMZ network.
  • The DirtyPipe vulnerability, enabling an elevation of privileges, identified on the web server operating in the company's DMZ network.
  • The execution of a Docker container with excessive privileges, allowing privileged users inside the container to interact with the host's file system and, by default, giving a privileged user within the container an access point to the host system.
  • Default authentication credentials.
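One way to check deployed containers for the over-privileged configuration described in the findings above, as an added example that is not part of the original report: it reads the HostConfig block of `docker inspect` output (a constructed sample is embedded, not data from the audited environment) and flags privileged mode, bind mounts of sensitive host paths, dangerous added capabilities and host PID namespace sharing.

```python
import json

# Constructed HostConfig blocks in the shape returned by `docker inspect <container>`,
# trimmed to the fields relevant to host escape risk (not taken from the report).
WEAK_HOSTCONFIG = json.dumps({
    "Privileged": True,
    "Binds": ["/:/host:rw", "/var/run/docker.sock:/var/run/docker.sock"],
    "CapAdd": ["SYS_ADMIN"],
    "PidMode": "host",
})

HARDENED_HOSTCONFIG = json.dumps({
    "Privileged": False,
    "Binds": ["/srv/app/data:/data:ro"],
    "CapAdd": None,
    "CapDrop": ["ALL"],
    "PidMode": "",
})

# Host paths that, once bind-mounted, let root inside the container read or
# alter the host: the root filesystem, the Docker socket, /etc, /proc and /sys.
SENSITIVE_HOST_PATHS = ("/", "/var/run/docker.sock", "/etc", "/proc", "/sys")
DANGEROUS_CAPS = ("SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "ALL")


def audit_hostconfig(hostconfig_json: str) -> list[str]:
    """Return a list of findings for one container's HostConfig block."""
    cfg = json.loads(hostconfig_json)
    findings = []
    if cfg.get("Privileged"):
        findings.append("privileged mode: all capabilities and host devices available")
    for bind in cfg.get("Binds") or []:
        # Bind format is host_path:container_path[:options]; options default to rw.
        host_path, _, rest = bind.partition(":")
        mode = rest.split(":")[1] if ":" in rest else "rw"
        normalized = host_path.rstrip("/") or "/"
        if normalized in SENSITIVE_HOST_PATHS:
            findings.append(f"sensitive host path mounted {mode}: {host_path}")
    for cap in cfg.get("CapAdd") or []:
        if cap.upper() in DANGEROUS_CAPS:
            findings.append(f"dangerous capability added: {cap}")
    if cfg.get("PidMode") == "host":
        findings.append("host PID namespace shared with container")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_HOSTCONFIG), ("hardened", HARDENED_HOSTCONFIG)):
        print(name, audit_hostconfig(cfg) or ["no findings"])
```

On a live host the same function can be fed `docker inspect --format '{{json .HostConfig}}' <container>` for each running container.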

Although this penetration test was carried out in a Black Box environment, it is worth noting that no active defense mechanisms (IDS/IPS, SOC, etc.) were deployed within the audited IT architecture, which greatly simplified the discovery and exploitation of the identified vulnerabilities.
Lastly, this report should have been better structured and expanded, as it was assembled alongside an avalanche of project presentations and submissions.
It notably lacks a prioritization of the recommendations provided, and a format that distinguishes clearly between what is intended for the company's management and what is intended for its technical teams.

