Client Background

Distar is the largest manufacturer of diamond tools in Eastern Europe and a joint Ukrainian-Italian company. Tens of thousands of craftsmen in more than 55 countries use Distar tools every day.

What triggered the project launch

A diamond tool manufacturer recognized the need to enhance its cybersecurity posture and to fulfill compliance requirements. The primary objective was to evaluate the security of its IT resources through infrastructure penetration testing and social engineering testing. Additionally, the client sought to implement effective cybersecurity measures to strengthen network protection, raise awareness, and mitigate risks associated with social engineering attacks.

Solution

The scope included penetration testing of the perimeter of information systems accessible from outside, including websites, online stores, mail domains and other services. Social engineering testing involved implementing phishing email attack scenarios targeting employees.

Methodologies

Our pentesting methodology is based on leading standards such as NIST SP 800-115, PTES, OSSTMM and OWASP, and is improved by our own 15 years of experience.

Tools used

During pentesting, a full set of common pentester tools was used, but the main key to success was manual analysis: interconnecting the results of exploiting individual vulnerabilities to escalate privileges and demonstrate practical compromise of the IT infrastructure.

Results

The penetration testing was conducted in phases, with results monitored and recorded at each stage. Constant communication and discussions were maintained throughout the project, ensuring timely completion. 

The client received insights into vulnerabilities, potential attack vectors, and areas for improvement, along with actionable recommendations to address security gaps, implement robust measures, and enhance employee awareness.

External compliance requirements were also met.
