How a single office device led to full domain compromise

CLIENT: Confidential
SERVICE: Penetration Testing
INDUSTRY: Consulting
YEAR: 2024

Fortuna conducted a targeted red-team engagement focused on evaluating the physical and internal network security posture of a consulting firm's office environment. The engagement combined on-site assessment, device exploitation, and privilege-escalation techniques to simulate a determined attacker with partial physical access.

Problem

The client was concerned about the resilience of their internal systems against an attacker who could bypass perimeter defenses through physical presence or through overlooked IoT-style devices within the office. They lacked visibility into how insecure embedded systems, misconfigured devices, or undocumented network paths could create high-impact compromise scenarios. Prior assessments had focused on cloud and application-layer security, but the client had never validated the security of on-premises infrastructure or lateral movement pathways inside their office network.

Solution

Fortuna executed a controlled red-team operation designed to emulate a sophisticated intruder operating from within the client's office. Starting with baseline reconnaissance inside the premises, we identified a rarely noticed printer located in a low-traffic zone. After disassembling the device and extracting its SD card, we reverse-engineered the firmware and uncovered sensitive LDAP account information stored insecurely. This allowed us to authenticate internally and validate that the compromised account possessed excessive administrative privileges within Active Directory. Our findings demonstrated how a single overlooked device could be leveraged to compromise critical identity infrastructure.

Key results

01. Identified an unmonitored office zone containing a vulnerable embedded device

02. Performed successful firmware extraction and analysis from physical hardware

03. Recovered plaintext LDAP account credentials from device storage

04. Determined that the recovered account had domain-level administrative privileges

05. Demonstrated end-to-end compromise path from physical device → internal network → Active Directory admin
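The privilege finding above suggests a check defenders can run themselves: confirm that no device bind account reaches a privileged group through nested membership. The script below is an added example, not part of Fortuna's engagement tooling; the LDIF-style export, account names, OU name and the privileged-group list are constructed assumptions.

```python
# Constructed sample export (LDIF-style); names and domain are placeholders.
SAMPLE_LDIF = """\
dn: CN=svc-printer-ldap,OU=Service Accounts,DC=example,DC=test
memberOf: CN=Device Lookup,OU=Groups,DC=example,DC=test

dn: CN=Device Lookup,OU=Groups,DC=example,DC=test
memberOf: CN=IT Operations,OU=Groups,DC=example,DC=test

dn: CN=IT Operations,OU=Groups,DC=example,DC=test
memberOf: CN=Domain Admins,CN=Users,DC=example,DC=test

dn: CN=svc-scanner-ldap,OU=Service Accounts,DC=example,DC=test
memberOf: CN=Directory Readers,OU=Groups,DC=example,DC=test
"""
# Assumed list of groups treated as privileged; extend it for your domain.
PRIVILEGED = {"domain admins", "enterprise admins", "schema admins",
              "administrators", "account operators", "backup operators"}

def cn_of(dn):
    # Assumes no escaped commas in the first RDN.
    return dn.split(",", 1)[0].partition("=")[2]

def parse_ldif(text):
    """Return {lowercased dn: [lowercased memberOf dns]}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        fields = [line.partition(": ") for line in block.splitlines()]
        dn = next(v.lower() for k, _, v in fields if k == "dn")
        entries[dn] = [v.lower() for k, _, v in fields if k == "memberOf"]
    return entries

def privileged_paths(entries, dn):
    """Walk memberOf transitively; return each chain ending in a privileged group."""
    found, seen, stack = [], set(), [(dn, [cn_of(dn)])]
    while stack:
        current, path = stack.pop()
        if current in seen:        # guards against circular group nesting
            continue
        seen.add(current)
        for parent in entries.get(current, []):
            chain = path + [cn_of(parent)]
            if cn_of(parent) in PRIVILEGED:
                found.append(chain)
            else:
                stack.append((parent, chain))
    return found

def audit(entries, account_ou="ou=service accounts"):
    # Map each account under account_ou to its privileged chains, if any.
    hits = {dn: privileged_paths(entries, dn) for dn in entries if account_ou in dn}
    return {cn_of(dn): paths for dn, paths in hits.items() if paths}
```

Any account returned by `audit` should be replaced with a dedicated bind account limited to the directory reads the device needs.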
