CRITICAL2024

Domain Compromise in 4 Hours - Healthcare Network

Internal Network Penetration Test

The Scenario

A regional healthcare network with 8 hospitals and 12,000 employees commissioned an internal network penetration test. The client had recently passed a HIPAA audit and considered their Active Directory environment hardened.

The Impact

Starting from a guest network drop point, our team achieved full Domain Administrator access within 4 hours and 12 minutes. Patient records, medical devices, and financial systems were within reach.

The Outcome

The engagement revealed that HIPAA compliance did not equal security. The client implemented a 90-day remediation plan, segmented their network, and engaged RedOps for quarterly testing.

Exposure Avoided

$10M+.

Attack Path

Critical

Kerberoastable service account with weak password (cracked offline in 8 minutes) had Domain Admin membership

Critical

Unconstrained Kerberos delegation on legacy print server allowed privilege escalation via printer bug (PrintNightmare)

High

SMB signing disabled across 847 workstations enabling NTLM relay attacks from guest VLAN

High

Medical device VLAN reachable from corporate network - 43 internet-connected devices running Windows XP

Request a Similar Audit

Secure Your
Infrastructure

Don't wait for a breach to happen. Let our elite operators identify your critical vulnerabilities first.