Client Background
Global Mediator empowers companies to accelerate their digital transformation of business processes on the Microsoft technology stack. Global Mediator focuses on Dynamics 365 Business Central, Power Platform, .NET, and technologies that drive business growth. Global Mediator is one of the largest developmental centers in Eastern Europe
Project trigger
The engagement aimed to comply with ISO 27001 requirements for IT risk identification through vulnerability testing, simulating hacker attacks to gain unauthorized access, escalate privileges, or disclose confidential information. Network and Application Security Testing with Blackbox and Graybox methodologies was required
Solution
The scope included external infrastructure reconnaissance using only the company name, Blackbox testing from an untrusted source, and Graybox testing simulating an insider to evaluate security controls, roles, and configurations. Network perimeter testing, Social engineering techniques, and comprehensive Application testing was conducted
Methodologies
Our methodology is based on leading standards like PTES, NIST SP 800-115, OSSTMM, OWASP and improved by our own experience
Tools used
During pentesting, a full set of common pentester tools was used, but the main key to success was manual analysis, interconnecting individual vulnerabilities exploitation results to escalate privileges and demonstrate practical IT-infrastructure compromise
Results
The client gained a clear understanding of their cybersecurity posture, vulnerabilities, and areas requiring improvement. The testing provided insights into potential exploits, enabling risk mitigation and defense strengthening. Pentest helped fulfill ISO 27001 requirements, achieving certification and demonstrating commitment to information security best practices. The project delivered actionable intelligence and a roadmap to address security gaps, harden IT infrastructure and applications against cyber threats, and ensure compliance
