Executive Summary
SP Crude Oil engaged Cyborgenic to perform a comprehensive Vulnerability Assessment and Penetration Testing (VAPT) across 4 locations and 26 IPs. The assessment combined automated scanning (Nessus, OpenVAS) with manual penetration testing (Burp Suite, Metasploit) to identify and validate security vulnerabilities.
The engagement uncovered critical issues such as unsupported operating systems, expired TLS certificates, and outdated network components, enabling the organization to take targeted remediation actions and significantly improve its overall security posture.
The Challenge: Security & Infrastructure Risks
Before the engagement, SP Crude Oil faced:
- Regulatory compliance requirements
- Network-related issues across multiple locations
- Lack of structured vulnerability visibility
- Presence of outdated and unsupported systems
The Solution: Cyborgenic’s VAPT Methodology
Cyborgenic followed a standard VAPT lifecycle approach:
- Planning & Scope Definition
- Defined scope (4 locations, 26 IPs)
- Finalized testing approach and timelines
- Established rules of engagement
- Reconnaissance & Information Gathering
- Conducted initial scanning using Nessus and OpenVAS
- Identified open ports, services, and entry points
- Scanning & Enumeration
- Performed network and service enumeration
- Identified exposed systems and vulnerabilities
- Vulnerability Assessment
Key vulnerabilities identified:
- Unsupported Windows OS
- Expired TLS Certificates
- Unsupported Brocade Fabric OS
- Configuration weaknesses
- Penetration Testing (Exploitation)
Manual exploitation was performed using:
- Burp Suite – for web application testing
- Metasploit – for exploitation and validation
Activities included:
- Exploiting identified vulnerabilities
- Simulating real-world attack scenarios
- Validating risk impact
- Post-Exploitation
- Assessed privilege escalation possibilities
- Checked lateral movement within network
- Evaluated overall impact
- Reporting
Delivered a detailed VAPT Report including:
- Vulnerability details with severity
- Proof of Concept (PoC)
- Risk impact analysis
- Remediation recommendations
- Re-Scanning & Validation
- Conducted re-testing after fixes
- Validated vulnerability closure
- Ensured improved security posture
Key Deliverables
| Service Component | Description |
|---|---|
| Vulnerability Assessment | Identification of vulnerabilities using Nessus & OpenVAS |
| Penetration Testing | Exploitation using Burp Suite & Metasploit |
| VAPT Report | Detailed findings with remediation |
| Re-Scanning | Validation of fixes |
The Outcome
With Cyborgenic’s support, SP Crude Oil:
- Identified and resolved critical vulnerabilities
- Improved infrastructure and network security
- Addressed outdated systems and certificate issues
- Strengthened compliance readiness
- Gained visibility into security risks
Conclusion
The SP Crude Oil engagement demonstrates Cyborgenic’s ability to deliver end-to-end VAPT services across multi-location environments. By leveraging a combination of automated tools and manual testing techniques, Cyborgenic helped the organization identify critical vulnerabilities, validate real-world risks, and implement effective remediation measures. This assessment enabled SP Crude Oil to enhance its security posture, reduce risk exposure, and move closer to regulatory compliance readiness.