Case Studies

See how Strong Crypto can help protect you from modern threats

Healthcare

Client Project: Bronchitis Therapy Device and Patient Portal

About: The device was a high-frequency chest wall oscillator designed to enhance the mobilization of bronchial secretions. The primary components consisted of an inflatable vest and a control unit that communicated with a patient portal.

Action: The SCI team conducted a comprehensive security assessment of the patient portal and a penetration test on the device, which included evaluating the data pathways between the device and the portal, binary analysis of the firmware, and wireless connectivity. They identified improper privilege management vulnerabilities in the patient portal and insecure transmission of protected health information (PHI).

Results: The client was provided with recommendations to address these vulnerabilities and later verified the remediation of the vulnerabilities. This resulted in a lower operating risk for the medical device.

Client Project: Nurse Communication Centralized Bell System

About: The communications system functioned as a hospital call bell system, capable of sending detailed patient notifications directly to caregivers. The primary components were several custom-coded and open-source web applications, a wireless-connected hospital bed, staff call stations, patient room call stations, proprietary Power over Ethernet (PoE) switches, and standard integrations within the patient rooms and with the hospital Electronic Medical Record (EMR) systems.

Action: The team conducted a comprehensive security assessment of the applications and a penetration test of the devices, which identified several vulnerabilities, including improper privilege management, broken access control, and a lack of input validation.

Results: SCI provided recommendations targeting the vulnerabilities found and later verified the remediation of the vulnerabilities, resulting in increased platform resiliency and integrity.

Client Project: Connected Devices Digital Health Platform (IoMT)

About: The Health Platform is a gateway for receiving medical data from connected devices. The platform consists of web applications, gateway APIs, and interfaces hosted in a public cloud environment and receives data via various protocols, including AMQPS, MQTTS, HTTPS, and HL7.

Action: The SCI team conducted a comprehensive security assessment of the applications, APIs, and interfaces, identifying several vulnerabilities, including improper privilege management, security misconfiguration, authentication bypass, and use of components with known vulnerabilities.

Results: SCI provided the client with recommendations to address these vulnerabilities and later verified the remediation of the vulnerabilities, resulting in increased platform resiliency.

Client Project: Physical Penetration Test of Medical Facility

About: A physical penetration test evaluates an organization's physical security controls, policies, and procedures. Test scenarios or abuse cases are developed through discussions with the organization and site reconnaissance. Testing can be performed from a white box perspective through escorted inspection and a black box perspective by attempting unauthorized access. It can also ensure that the physical security measures in place prevent physical access to critical or sensitive assets. In this case, the team was asked to attempt unauthorized access to the medical facility.

Action: SCI began by observing construction and maintenance activities at the facility over several days and then infiltrated it as a maintenance technician. They identified weaknesses in video surveillance and trusted verification methods, a lack of physical controls such as a man trap, failure to challenge intruders or respond to suspicious activity, and vulnerability to social engineering.

Results: The organization was pleased with the results of SCI testing, made immediate improvements to physical security measures, and instituted physical security awareness training for all facility personnel.

Client Project: Ransomware Readiness Penetration Test for Large Corporate Client

About: A Ransomware Readiness Penetration Test focuses on identifying attack paths and vulnerabilities that could disclose, alter, or destroy backup systems and the sensitive data those systems protect in the event of a ransomware attack.

Action: SCI discovered the locations of isolated backup systems and services in the on-premises network and the linked public cloud environment. Next, the team identified and exploited vulnerabilities and security misconfigurations to obtain domain administrator privileges and privileged cloud access. Then, the team demonstrated how an attacker could bypass security controls to obtain unauthorized access to sensitive backup systems and data. Finally, the team showed that disclosing, altering, or destroying backup data and immutable volumes would be possible.

Results: SCI provided the client with recommendations to address the vulnerabilities, security misconfigurations, and weaknesses in the security architecture. The organization addressed the findings through a comprehensive remediation plan. Had these problems not been discovered, they could have led to a catastrophic loss of data and threatened the organization's ongoing existence in the event of a cyber-attack.

Financial

Client Project: Global Data Broker

About: For more than three years, we have provided managed internal penetration testing, external penetration testing, PCI-DSS vulnerability scanning, and war dialing for the data broker on corporate infrastructure and environments it manages for global banks, global insurance companies, global financial services companies, and other Fortune 100 organizations. The SCI team also acts as cybersecurity subject matter experts for the organization and assists with incident response.

Action: The SCI team conducts more than twenty internal penetration tests annually, quarterly external penetration testing, quarterly PCI-DSS vulnerability scanning, and quarterly war dialing.

Results: The team regularly identifies and reports on vulnerabilities to improve the security posture of the organization and its clients.

Client Project: FINRA-Regulated Broker-Dealer

About: The Broker-Dealer was in business for more than twenty years.

Action: We performed an annual penetration test for the organization, focused on the external attack surface and the internal network, and identified several critical vulnerabilities due to the legacy protocols present and security misconfigurations in Active Directory. These vulnerabilities could be leveraged by an unauthenticated attacker in the environment to obtain valid credentials and escalate privileges to domain administrator.

Results: SCI provided the client with recommendations to address these vulnerabilities and later verified the remediation of the vulnerabilities, resulting in a vastly improved security posture.

Client Project: National Automotive Financing Business

About: The business was recently acquired by the parent organization, which hired SCI to perform a penetration test on the organization’s on-premises and cloud-based assets.

Action: SCI identified several critical vulnerabilities in the environment. These vulnerabilities could be leveraged by an unauthenticated attacker in the environment to obtain valid credentials and escalate privileges to the domain administrator. The penetration test results helped inform and prioritize the migration of the financing business’s assets to the more secure environment of the parent organization.

Results: SCI provided the client with recommendations to address these vulnerabilities and later verified the remediation of the vulnerabilities, resulting in an improved security posture. The client was pleased with the results and the reduced likelihood of a potential breach while migrating the acquired business’s assets.

Client Project: Big Data Analytics Provider for Risk Solutions

About: The national organization helps detect and prevent online fraud and money laundering. SCI performed a product security assessment on the organization’s payment gateway.

Action: SCI identified a flaw in the credit card tokenization service that allowed the team to conduct a man-in-the-middle attack and obtain valid primary account number data from credit cards submitted on the website.

Results: The client discovered that a code regression caused the flaw in the credit card tokenization service and immediately fixed the flaw. Exploiting this flaw could have resulted in credit card data theft, financial loss through regulatory penalties, and reputational loss.

Client Project: National Casualty and Property Insurance Provider

About: SCI conducted a purple team engagement for the organization in a hybrid on-premises/remote format.

Action: SCI identified gaps in the security controls, where attacks involving lateral movement among subnets were neither blocked nor detected, and a critical vulnerability that allowed privilege escalation to the domain administrator.

Results: SCI provided the organization with an out-of-band report to quickly remediate the critical vulnerability. The organization determined that the vulnerability had been discovered in a prior penetration test and fixed, but the system administrators had continued following a process that led to the vulnerability reemerging in the environment. The engagement led to improvements in this process and the implementation of auditing controls to detect this security misconfiguration if it were to reemerge.

Industrial Control Systems

Client Project: Large Electric Generation and Transmission Cooperative

About: SCI performed penetration testing and cybersecurity assessments for a large electric generation and transmission cooperative in the U.S.A. The test plan involved the discovery and characterization of unknown risks for the organization.

Action: SCI performed an internal penetration test on the corporate network, boundary testing between the IT and OT networks, and a security assessment of an OT environment. We identified several critical vulnerabilities due to the legacy protocols present and security misconfigurations in Active Directory. These vulnerabilities could have been used to escalate privileges to Domain Administrator, then leveraged to cross the boundary between IT and OT.

Results: We provided the client with recommendations to immediately address critical vulnerabilities and validated remediation, resulting in significant and immediate risk reduction. This resulted in the G&T Co-op becoming a reference client for SCI.

Client Project: In-Flight Entertainment and Satellite Communications System

About: SCI performs annual penetration testing on the in-flight entertainment and satellite communications system from a large satellite and terrestrial network provider.

Action: The testing is performed in a lab environment on the aircraft communications system, which consists of both hardware and software components. The testing addresses insider threats from both the cabin and the electronics bay, as well as attacks that could originate in the passenger cabin.

Results: Each year, we pair two senior penetration testers who excel in different types of testing (e.g., 802.11 wireless and hardware hacking). With each release, we continue to discover new security weaknesses, keeping the system secure and compliant with FAA security requirements. 

Client Project: U.S. Department of Defense

About: SCI performed a penetration test on a widely deployed physical security information management system used by the US Department of Defense.

Action: We performed penetration testing on the system, which consists of video surveillance and device management software, access control software and hardware, wired and wireless cameras, and other types of sensors.

Results: We identified misconfigurations and vulnerabilities that could allow unauthorized access to camera management and that made the system non-compliant with DISA STIGs. We provided recommendations to remediate these findings and subsequently verified remediation, bringing it back into compliance with DISA STIGs. Our third-party attestation provided the required security assurance for government procurement teams. 

Client Project: Building and Manufacturing Innovator

About: We performed a penetration test on the vendor remote access solution for one of the USA's largest building and manufacturing innovators. We were asked to determine the operational impact from a compromised vendor-access perspective for the organization.

Action: The testing was narrowly scoped to attempt to “break out” of the vendor access to the OT manufacturing environment. The vendor is provided with a low-level user to the remote access endpoint.

Results: We were able to elevate the privileges of the low-level user to break out of the sandbox and move laterally to the OT environment through a direct-connected dual-homed device. We provided recommendations to the client to architect a secure remote access solution that followed security best practices and properly segmented OT networks.

Education

Client Project: New York Area School District

About: A collection of 60+ school districts in NY.

Project: Penetration testing with initial access using both assumed breach and rogue device scenarios; tested Student Information System (SIS) on premises and SaaS applications.

Action: While testing, discovered critical ransomware attack in progress, stopped the threat actor and performed counter-intel activities.

Result: Stopped ransomware actor before encryption event. Explored known attacks leveraged by threat actor to identify the extent of the breach. Identified several additional critical threats to the organization involving ways an attacker could escalate privileges, and assisted the organization in reducing these to the lowest possible levels.

Client Project: Educational Institution

About: Highly regarded online educational institution.

Project: Found exposed student information on a public website hosted by the school.

Action: Reported findings to university after validating the finding. Information was removed within hours of the report to eliminate the exposure. Worked with university to review access logs on the server to track who accessed the information and identify the extent of exposure.

Result: University was able to avoid reputational damage and costly fines.

Client Project: NCAA 1 University

About: Leading doctoral and NCAA 1 university in Southeastern U.S. with over 45k student enrollment. Recognized in 2004 by the Department of Homeland Security and the National Security Agency as a National Center of Academic Excellence in Information Assurance Education.

Project: SCI obtained domain administrator privileges in the internal network through a combination of vulnerabilities identified throughout the testing. Cumulatively, the vulnerabilities identified posed a high risk to the university.

Result: Reported vulnerabilities out of band as they were discovered to give the university as much time as possible to plan remediation. Worked with the IT team to verify remediation of all critical and high vulnerabilities within ninety days, reducing operating risk to an acceptable level.

Client Project: Top 20 University

About: Top 20 nationally recognized university located in Southern U.S.

Project: Performed external penetration testing to identify potential areas exposed to cyberattacks and information systems breaches.

Action: Provided actionable recommendations in pursuit of GLBA compliance.

Result: University was ecstatic with the results of the testing compared to previous vendors. Recently contracted SCI to conduct internal penetration testing.

Government

Client Project: Small Defense Contractor Cybersecurity Assurance

Action: SCI prepared the Defense Contractor for Cybersecurity Maturity Model Certification (CMMC) v2.0 Level 1 certification and the AWS environment for FedRAMP certification, leveraging a cloud-native offensive platform (CNOP).

Results: The deployment of the CNOP facilitated compliance with CMMC v2.0 Level 1 and increased organizational maturity towards achieving CMMC v2.0 Level 2 certification. Additionally, SCI completed the preparation of the Defense Contractor’s AWS environment for FedRAMP certification. In the future, SCI will facilitate the Authority to Operate (ATO) with the FedRAMP C3PAO and Sponsoring Agency.

Client Project: Elections Voting Systems & Election Administration Security Assurance

Action: SCI participated on the team to conduct an independent review of all deliverables produced by a third-party testing lab, including functional test plans, source code test plans, and security test plans based on the Federal 2005 Voluntary Voting System Guidelines (VVSG), 2021 NYS voting laws and regulations, and the system’s source code review results.

Results: SCI co-authored public reports that describe the deliverables reviewed by the team, a list of the discrepancies discovered during testing, discrepancies that still need to be fixed, and an overall work breakdown.

Client Project: IRS Penetration Testing and Code Analysis (PTCA)

Action: SCI participated on the IRS Penetration Testing and Code Analysis (PTCA) team in security risk management, source code scanning, penetration testing, and red teaming. This consisted of providing subject matter expertise consultation for automated application vulnerability scanning and analysis, web application penetration testing, enterprise red team activity, conducting effective source code security reviews, assisting with security incident response and threat hunting, testing mobile applications, remediation verification, and assessment of high-value software assets.

Results: SCI's actions had a tangible impact on the IRS's security of individual systems and the enterprise. Through threat-driven penetration testing and red teaming, SCI identified accurate and impactful findings that other teams did not find. Our SAST scan reporting effectively discovered and provided high-context remediation advice to address security concerns before applications were deployed in production.

Client Project: IRS Enhanced Security Testing Initiative (ESTi)

Action: SCI participated on the ESTi team in secure source code development and analysis enablement. This consisted of learning advanced IRS-specific secure code analysis processes and techniques, performing source code security reviews, helping application development teams onboard their applications for automated source code security analysis, training developers in source code security review, and automating functional and security testing in software development.

Results: SCI delivered high-touch support to multiple IRS projects, helping to improve public-facing and internal web application security posture. By collaborating closely with project teams, we successfully implemented robust security test cases that ensured compliance and protection against emerging threats. Our expertise also empowered IRS teams to adopt industry-leading security practices, enabling them to confidently deploy secure code. We trained teams to effectively use security tools, integrating them seamlessly into their software development lifecycle. This comprehensive approach ensures that secure coding practices become a core part of every deployment, safeguarding critical government systems and protecting sensitive data.

© 2024 STRONG CRYPTO INNOVATIONS LLC - ALL RIGHTS RESERVED