Credential and Network Exposure Review
Layered testing gave an accounting firm a clear plan to strengthen employee readiness and reduce internal network risk.

Industries
Accounting
Services
Security Awareness Testing,
Vulnerability Assessment,
Penetration Testing
About the project
An accounting firm wanted an independent view of how well its employees, email defenses, and internal network would stand up to common attacks. The stakes included client confidentiality, access to financial records, and the disruption that could follow a compromised account or unpatched system.
Vigilus combined repeated phishing simulations and credentialed vulnerability scans with an assumed-breach penetration test. The goal was to measure real behavior, validate technical controls, and turn the findings into practical priorities for the firm and its IT team.
What we did
- We ran multiple phishing simulations that tested both email filtering and employee response. In the first round, no one clicked or submitted credentials, but the messages were not reported. A later, more targeted simulation led to visits to the test page and a credential submission, showing that reporting procedures and awareness training needed more attention.
- Credentialed vulnerability scans checked the firm’s internal network against current security guidance. Across the assessments, we found outdated or unsupported software, weak service settings, and missing safeguards. We ranked the highest-impact issues and provided practical steps for patching systems, hardening network services, and reducing avoidable exposure.
- An assumed-breach penetration test started with standard remote user access to show what a compromised employee account could reach. We tested common credential attacks, privilege paths, and ways to move between systems. The work uncovered weak account lockout settings, broad administrator access, default device passwords, and a file-sharing protection gap. The password attacks did not recover any account credentials.
- During testing, we identified unusual sign-in activity that could have reflected an active attack or a misconfigured service. We alerted the client and paused further testing so the activity could be investigated without added noise. The final guidance called for stronger monitoring, account lockout controls, and a clear path for escalating suspicious events.
- A later assessment showed that patching and configuration issues remained, so we delivered an updated fix list. Together, the engagements gave the firm a repeatable way to test people and systems, track recurring weaknesses, and focus IT effort on the highest-impact findings.
Technologies Used
Tenable IO
N map
Metasploit
Powershell

Microsoft Active Directory
NIST
OWASP

