Operation Silent Conveyor

A Real-World Red Team Simulation for a Global Manufacturing Client

Objective

To simulate a determined threat actor aiming to:

  • Disrupt manufacturing operations
  • Exfiltrate critical intellectual property
  • Test employee vigilance and internal detection capabilities

This engagement combined technical intrusion and human manipulation to mirror real-world attacks.

Outcome

Red Team Attack Chain

Phase 1 – Outcome:
Initial access was established in both IT and OT networks, and a physical security breach occurred without detection.

Phase 2 – Outcome:
The Red Team achieved full access to the organization’s crown jewels, including CAD blueprints and supply-chain data.

Phase 3 – Outcome:
The team demonstrated a clear attack path from a single phishing email all the way to production-level controllers.

Key Findings

Time to Initial Access: 1 Day

Time to Domain Admin: 4 Days

Detection by SOC: 0 (undetected)

Human Factor Failure: 3 of 7 engineers clicked the phishing link

Physical Security Gap: Unauthorized entry to OT floor

Network Segmentation: Ineffective IT/OT separation enabling lateral movement

These findings underscored how a sophisticated adversary could move from IT to OT with little resistance.

Client Testimonial

“This was eye-opening. We always thought we were hardened from the outside, but the inside path was wide open — and we didn’t know it. Rex gave us the mirror we needed.”

Client Background

A global auto-parts manufacturer with 12 production plants across three countries engaged Rex Cyber Solutions to test their resilience against sophisticated cyberattacks.

Their environment included:

  • High-Value Intellectual Property: CAD designs, proprietary tooling configurations, and supply-chain documentation
  • Core Systems: SAP for ERP and Rockwell-based PLCs for plant automation
  • Existing Security: A Security Operations Center (SOC) with endpoint detection and response (EDR), SIEM, and a vulnerability management program

Despite these controls, leadership wanted a realistic “attacker’s perspective” to validate defenses across both IT and operational technology (OT) networks.

Incident

Red Team Attack Chain

Phase 1 – Reconnaissance & Social Engineering

  • Collected intelligence from public sources such as vendor contracts, LinkedIn job postings, and plant shift schedules.
  • Launched a phishing campaign via a spoofed “production quality alert” domain.
  • Conducted a physical intrusion, with an operative posing as a “third-party sensor calibration engineer.”

Phase 2 – Lateral Movement & Privilege Escalation

  • Used harvested credentials to pivot through Active Directory.
  • Exploited a misconfigured backup server to escalate privileges to Domain Administrator.
  • Gained access to the design server housing intellectual property and engineering logs.

Phase 3 – OT Reconnaissance

  • Mapped the OT network via mirrored workstation access.
  • Identified an exposed PLC interface on an unsegmented VLAN.
  • Simulated a ransomware trigger event by sending fake shutdown signals on test interfaces (no real disruption was caused).

Recommendations

To close the gaps, Rex Cyber Solutions provided a prioritized roadmap:

  1. Harden Email Security with advanced spoof protection.
  2. Role-Based Security Awareness Training for engineers and supervisors.
  3. Stricter Vendor Onboarding & Physical Access Controls to prevent impersonation.
  4. Enforce Network Segmentation between IT and OT environments.
  5. Deploy Deception Technologies and strengthen endpoint detection/response.
  6. Conduct regular Red Team and Purple Team exercises to continuously validate defenses.

Conclusion

This engagement demonstrated how a skilled adversary could traverse from a single phishing email to full control of production controllers in less than a week. By implementing our recommendations, the client significantly strengthened their cyber-resilience across both IT and OT environments.