The RisottoCorp trusted agent asks if the red team has been active on the RisottoCorp DMZ server. You say yes.
“I have some logs showing that our business critical Apache Spark application was hanging for hours this morning. Was that your activity?”
You swallow the lump in your throat and say yes.
“That application was supposed to be marked as business critical in the scope document! Its availability is crucial to RisottoCorp. We have a serious problem now. I’m going to have to go to my leadership and explain what happened.”
You’re puzzled how it’s possible that a business critical application was left available in the DMZ for all the world to access with no authentication mechanism whatsoever. And how this business critical application also had a trivial code execution vulnerability against it. But it doesn’t matter. You missed a glaring safety concern and exploited something that was or should have been out of scope.
The SecureEnt/RisottoCorp relationship has been damaged and your team may never get another contract with them.
Your team lead is furious. “So not only did we go out of scope, but you also used unencrypted Ngrok in TCP mode to catch your incoming shell? Across the open internet?? With no authentication????”
She says that she is going to meet with you on Monday to discuss your position on the team. Better sharpen up that resume.