Case Study

How Hadrian helped critical infrastructure company CTC Global gain a holistic overview of their attack surface

Electric Manufacturer | California, USA



Implementation of operational technology often does not involve IT security professionals leading to rapid implementation of a variety of technologies with different security protocols.

Production pipelines rely on never-before-connected operational technology like ICs, PLCs, and SCADA. Previous security strategies that relied on isolating networks are no longer practical.

Reliance on a complicated network of third party suppliers leave manufacturers particularly vulnerable to supply chain attacks


Hadrian was leveraged by CTC Global to provide a holistic overview of the attack surface which included unknown assets.

Hadrian’s autonomous red teaming emulated a hacker’s approach to testing and provided real-time insights into asset context and risk.

Past insights were used to run targeted tests which identified critical risks.

Hadrian reevaluated the attack surface at regular intervals and adapted to changes in the environment with continuous security validation.


About CTC Global

Founded in 2003, CTC Global is a global technologies and electric company based in California. CTC Global has 200+ employees and over 1000 projects in 60+ countries.

The company manufactures its own production equipment and tooling and seeks to balance the benefits of automated production with security. 







Group 3901


Comprehensive Attack Surface Management and Asset Mapping

Hadrian started mapping CTC Global’s attack surface without prior internal knowledge of CTC Global’s network. The outside-in approach allowed Hadrian to identify assets that CTC Global did not know they had but which were visible to cybercriminals.

Hadrian used open source information, active scanning, and its own passive knowledge to discover previously unknown assets across 23 domains. 10s of 1000s of scans allowed Hadrian to easily identify and connect assets helping CTC Global to navigate its changing attack surface.

Scans performed


Cloud Platforms monitored


Critical risks found



Using Industry Insights to Identify Potential Attack Vectors

Hadrian focused on high-risk areas of the attack surface in order to identify assets most likely to be used in exploits. For example, Hadrian’s knowledge of common exploits performed on manufacturing companies led to identification of the cloud as high-risk.

Hadrian flagged and began testing the assets most likely to play a role in common cloud security attacks. High risk assets included static holistic sources such as S3 buckets, Azure Blob Storage, and Google Cloud Storage. S3 buckets were of particular interest, because they could be used for XSS attacks and subdomain takeovers. 

Simulating Attacks with Modular Technology

Hadrian is built on modular technology. Modular technology broke complex exploits into smaller sections, or ‘modules’. These smaller sections were combined and run in a variety of sequences allowing for flexibility. Hadrian determined which sequences to run based on past insights and context which modules passed between themselves.

Modularity meant that, when analyzing CTC Global, Hadrian could pivot and make decisions regarding next steps with the same adaptability as a human cybercriminal.

For example, after flagging the S3 buckets, Hadrian deployed a hacking module which tested the exposure of sensitive files stored in the bucket. Based on whether or not access was possible, Hadrian deployed new modules which browsed the files for confidential information.

Hadrian quickly gained access to login credentials and personally identifiable information stored in one of the S3 buckets. Hadrian flagged the data breach as highly critical allowing for nearly immediate remediation.
Hadrian will continue to deploy tests overtime in response to changes in CTC Global’s IT infrastructure. Continuous insights will contain identification of new assets, asset context, risk prioritization and remediation suggestions.