NAC Bypass and ARP Spoofing – Case Study

Penetration testing finds weak spots in a controlled environment and exploits them in a controlled manner.


To ensure the effectiveness of our clients' security implementations, LIFARS frequently conducts penetration tests to evaluate whether their systems can hold up to real-world scenarios and stay resilient. Our cyber resiliency experts deliver calculated attacks against systems the same way black hat hackers do.

In December, our client requested that the LIFARS Pen Testing Team perform an internal black box penetration test as part of a due diligence exercise. The client, an international financial organization with over 10,000 employees and 500 IPv4 addresses, understands the risks they face on a daily basis and the importance of meeting compliance standards. Therefore, this client requested an external black box penetration test on their network.

The intent of this assessment was to identify weaknesses in the company's internet-facing infrastructure and to detail how these vulnerabilities could impact the organization.

Therefore, the team used ARP poisoning as its main vehicle for mounting other attacks, such as man-in-the-middle (MiTM). This security testing effort was conducted with emphasis on the actual state of the systems examined and no documentation to the client was provided.
