Together with 2 other students we contacted CM.com to conduct a penetration test to determine their exposure to a targeted attack. All activities were conducted in a manner that simulated a malicious actor engaged in a targeted attack against CM.com with the goals of:
- Identifying if a remote attacker could penetrate CM.com’s defenses.
- Determine the impact of a security breach on:
- Confidentiality of the company’s private data.
- Internal infrastructure and availability of CM.com’s information systems.
Efforts were placed on the identification and exploitation of security weaknesses that could allow a remote attacker to gain unauthorized access to organizational data. The attacks were conducted with the level of access that a standard customer would have.
During the pen test, we used the cyber killcain. We followed and documented every step of the killcain.