Case Study: Leading NBFC strengthens internal security with ValueMentor penetration testing

Case Study About Penetration Testing in Dubai

Leading NBFC, a leading non-banking financial company in the UAE, engaged ValueMentor to conduct a large internal penetration test across its business-side IT environment. The challenge was to assess a complex production network spanning 200+ servers, 200+ network devices, 50+ applications, and about 2,000 workstations, while safely simulating an attacker who had gained a foothold through an endpoint.

ValueMentor used a production-safe internal VAPT approach, with four security teams testing workstations, network access controls, servers, and applications in parallel using tools such as Kali Linux, Nmap, Burp Suite, Nessus, and Metasploit Pro. The assessment uncovered unused Windows XP systems, weak controls, SQL injection flaws, insecure FTP-based data retrieval, and inconsistent patch management, ultimately enabling the team to reach core network systems and obtain domain administrator privileges.