This page looks best with JavaScript enabled

Red vs Blue Team Event

 ·  ☕ 2 min read  ·  👨‍💻 Ibrahim Durmus


Red Team Report

With 2 fellow students, we performed a pentest assignment during the red vs blue team event.


This Red Team report contains all efforts that were conducted in order to test the security of the systems that were developed by the security engineers. The purpose of this report is to transfer the findings to the security engineer that developed the system, so he can take action upon this.


The objective of this assesment is to perform an internal penetration test against systems developed by their security engineers.

Red Team Report - High-Level Summary

The task was to perform an internal penetration test towards the systems that have been developed by the security engineers. An internal penetration test is a dedicated attack against internally connected systems. The focus of this test is to perform attacks and infiltrate these systems. The overall objective was to evaluate the network, identify systems, and exploit flaws while reporting the findings back to the security engineers.

Red Team Report - Findings

  • Nearly all the systems used HTTP, so a man in the middle attack is possible.
  • When requests are send directly to the microservices, there is no authorization because this happens through the gateway normally.
  • The password for the test account was being re-used for Portainer, which gave us full access to the whole application.


  • Use https instead of http
  • The authorization should be fixed, make sure to implement a check on the microservices as well.
  • Use strong and unique passwords for each service

Download the write up

Share on

Ibrahim Durmus
Ibrahim Durmus
Cyber Security Student