
Real-world office penetration test reveals IoT to enterprise attack path

Client: Confidential

Service: Penetration Testing

Industry: Telecommunications

Year: 2025

Fortuna was engaged to perform an on-site office penetration test for a telecommunications company. The goal was to assess whether a motivated attacker could gain access to the client's internal enterprise network through weaknesses in physical or wireless infrastructure.

Problem

The client managed sensitive telecommunications systems but had not validated the security of its physical office perimeter, guest WiFi, or connected IoT devices. Leadership was concerned that overlooked legacy hardware or misconfigured access points could create a lateral-movement path directly into their enterprise network. They requested a realistic adversarial assessment to understand whether an external attacker, without privileged access, could escalate into critical systems.

Solution

Fortuna executed a targeted, internal red-team-style engagement focused on wireless compromise and IoT exploitation. After identifying a café within range of the client's office WiFi, our team positioned externally, captured the WPA2 handshake, and successfully brute-forced the password (hashcat, 12 hours, using a pre-generated dictionary tailored to the target's profile). Once connected to the network, we performed internal reconnaissance (passive monitoring of L2 TCP/IP packets and an nmap scan of the network for open ports) and identified an outdated IP camera still reachable on the subnet.

The camera's firmware was downloaded (an official image from the manufacturer's site), unpacked with binwalk, reverse-engineered with a disassembler, and found to contain a previously unknown (0-day) vulnerability in its embedded HTTP server enabling remote code execution. Further analysis revealed the camera had dual interfaces: one for CCTV infrastructure and a second bridged into the enterprise network. By compromising the device, we gained authenticated internal access and validated the risk of cross-network lateral movement through unmanaged IoT hardware.
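A defender can look for the condition described above, a single device present on both the CCTV and enterprise segments, by comparing per-segment ARP tables. The following is an added example, not part of the original case study or Fortuna's tooling. The segment names, the addresses and the adjacent-MAC heuristic (a device's interfaces often carry consecutive MAC addresses) are assumptions, and the data is constructed.

```python
from itertools import combinations

# Constructed per-segment ARP snapshots: segment -> [(ip, mac), ...].
# Segment names and all addresses are hypothetical sample data.
SNAPSHOTS = {
    "cctv": [("10.50.0.21", "02:00:00:aa:bb:10"),
             ("10.50.0.22", "02:00:00:aa:bb:20")],
    "enterprise": [("10.10.4.7", "02:00:00:AA:BB:11"),
                   ("10.10.4.9", "02:00:00:cc:dd:01")],
    "guest": [("192.168.9.5", "02:00:00:cc:dd:01")],
}


def mac_to_int(mac: str) -> int:
    """Parse a colon- or dash-separated MAC address into an integer."""
    return int(mac.replace(":", "").replace("-", ""), 16)


def find_multi_homed(snapshots, max_gap=1):
    """Return pairs of ARP entries on different segments that likely
    belong to one device: identical MACs, or MACs at most max_gap apart
    (assumed heuristic: vendors often number a device's NICs consecutively)."""
    seen = sorted(
        (mac_to_int(mac), mac.lower(), segment, ip)
        for segment, rows in snapshots.items()
        for ip, mac in rows
    )
    findings = []
    for a, b in combinations(seen, 2):
        if a[2] == b[2] or b[0] - a[0] > max_gap:
            continue  # same segment, or MACs too far apart to be related
        findings.append({
            "reason": "same-mac" if a[0] == b[0] else "adjacent-mac",
            "a": (a[2], a[3], a[1]),
            "b": (b[2], b[3], b[1]),
        })
    return findings


if __name__ == "__main__":
    for f in find_multi_homed(SNAPSHOTS):
        print(f["reason"], f["a"], "<->", f["b"])
```

Each finding is a candidate for review against the asset inventory: a camera-class device with a second interface on the enterprise segment is the case this engagement exploited.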

Key results

01. Successful compromise of WPA2 office WiFi from an adjacent public café

02. Discovery and exploitation of a legacy IP camera with an RCE 0-day

03. Verified that the camera bridged CCTV and enterprise networks

04. Gained foothold into the enterprise network through the exploited device

05. Demonstrated a realistic attacker path requiring no internal credentials or physical access
