Summary
This document is a collection of case studies detailing various offensive security research conducted by NetSPI's pentesting team. It includes six chapters, each presenting a unique security challenge and the methodologies employed to address them. The first chapter discusses a critical vulnerability in a healthcare application where full source code and sensitive user data were exposed, highlighting the urgency of remediation. Subsequent chapters cover topics such as the effectiveness of epoxy coatings against reverse engineering, misconfigurations in Azure Active Directory leading to privilege escalation, and the use of deepfake technology to bypass voice biometric systems. Additional case studies illustrate social engineering tactics used to gain unauthorized access to secure facilities and the discovery of vulnerabilities in the Kerberos authentication protocol. Each case study outlines the processes followed, discoveries made, and recommendations for remediation, emphasizing the importance of robust security measures.
