About this sample: This document represents the output of the thinking. The value is in the conversations that produced it — the site walk, the stakeholder interviews, the engineering judgements made along the way. What you are reading is the record. The work that matters happened before the first page was written.
No production processes were disrupted during this engagement. All testing was conducted within pre-agreed rules of engagement, with stop conditions in place from the outset. Operational continuity is a precondition of every NEXUS penetration test — not an afterthought.
Test Parameters
Client: [REDACTED]
Scope: [REDACTED]
Engagement Type: Grey Box
Test Dates: [REDACTED]
Lead Tester: [REDACTED]
Framework: MITRE ATT&CK for ICS
Overall Assessment

NEXUS successfully demonstrated a path from the corporate IT network to the OT process control network, achieving read access to PLC configuration data and SCADA process values. No production processes were disrupted and all testing remained within agreed scope and rules of engagement.

The primary attack path exploited an inadequately segmented IT/OT boundary, default credentials on a remote access gateway, and an unpatched engineering workstation used as a pivot point.

By Risk Rating
Critical: [N]
High: [N]
Medium: [N]
Low / Info: [N]
Important: This is a redacted sample. Client identity, specific CVEs, device details, and exploitation evidence are removed. The full report contains complete evidence packages including screenshots, network captures, and reproduction steps.
Demonstrated Intrusion Path

The following documents the primary attack path demonstrated during the engagement. Each step is evidence-backed in the full report.

| Step | Technique (MITRE) | Action | Outcome |
|---|---|---|---|
| 01 | T0817 — Drive-by Compromise | Initial access via phishing simulation to IT workstation within scope | Local admin access established |
| 02 | T0822 — Exploitation of Remote Services | Lateral movement from IT to IT/OT DMZ via unpatched RDP service | Access to jump server |
| 03 | T0859 — Valid Accounts | Default credentials on remote access gateway accepted. Access to OT network segment established. | OT network presence |
| 04 | T0846 — Remote System Discovery | Passive discovery of OT assets from gained network position | [N] PLCs, HMIs identified |
| 05 | T0877 — I/O Image | Read of PLC process values via unauthenticated Modbus TCP | Live process data accessed |
Priority Actions
| Priority | Finding | Recommended Fix | Effort |
|---|---|---|---|
| Critical | IT/OT boundary inadequately enforced | Implement industrial DMZ. Restrict all IT-to-OT traffic to explicitly approved paths. | Medium |
| High | Default credentials on remote access gateway | Change all credentials immediately. Implement MFA. Deploy session recording. | Low |
| High | Unauthenticated Modbus TCP | Implement Modbus TCP authentication where vendor supports. Otherwise restrict via firewall ACL. | Medium |
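Step 05 of the intrusion path and the "Unauthenticated Modbus TCP" fix both come down to the same control: only approved hosts may issue Modbus reads to PLCs. The following added example (not part of the sample report, and not NEXUS tooling) parses Modbus/TCP read requests from captured payloads and flags any that originate from a host outside an approved allowlist; the IP addresses and byte strings are constructed for illustration.

```python
"""Flag Modbus/TCP read requests from hosts outside an approved allowlist.

Added illustration: the addresses, payloads and allowlist are constructed,
not taken from the engagement.
"""
import struct

# MBAP header: transaction id (2), protocol id (2, always 0), length (2), unit id (1)
MBAP = struct.Struct(">HHHB")
READ_FUNCS = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}


def parse_modbus_request(payload: bytes):
    """Return (unit_id, function_code, start_addr, quantity) for a well-formed
    Modbus/TCP read request, or None for anything else (non-read, malformed)."""
    if len(payload) < MBAP.size + 5:          # header + func + start + quantity
        return None
    _tid, proto, length, unit = MBAP.unpack_from(payload, 0)
    if proto != 0 or length != len(payload) - 6:   # length counts unit id onward
        return None
    func = payload[7]
    if func not in READ_FUNCS:
        return None
    start, qty = struct.unpack_from(">HH", payload, 8)
    return unit, func, start, qty


def check_flows(flows, approved_sources):
    """flows: iterable of (src_ip, dst_ip, payload). Returns one alert string per
    read request whose source is not in approved_sources."""
    alerts = []
    for src, dst, payload in flows:
        req = parse_modbus_request(payload)
        if req is None or src in approved_sources:
            continue
        unit, func, start, qty = req
        alerts.append(f"{src} -> {dst} unit {unit}: {READ_FUNCS[func]} "
                      f"@{start} x{qty} from non-approved host")
    return alerts


# Constructed sample traffic: one read from the approved SCADA server, one read
# from an IT-side workstation, and one write request (ignored by this check).
APPROVED = {"10.20.0.5"}
SAMPLE_FLOWS = [
    ("10.20.0.5", "10.30.1.10", bytes.fromhex("0001000000060103000A0002")),
    ("10.10.7.42", "10.30.1.10", bytes.fromhex("0002000000060103000A0002")),
    ("10.10.7.42", "10.30.1.10", bytes.fromhex("0003000000060106000A0001")),
]

if __name__ == "__main__":
    for alert in check_flows(SAMPLE_FLOWS, APPROVED):
        print(alert)
```

The same allowlist check extends to write function codes, which is where the firewall ACL recommended above should be strictest.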
What this enables: The full Penetration Test Report includes complete exploitation chain documentation with evidence, all findings with reproduction steps, a prioritised remediation roadmap, and a 30-day follow-up verification session.