From Patch Tuesday to Pentest Wednesday®: How a Global Chemical Manufacturer De-Risked a $2B Merger

Stephen Gates | October 14, 2025

A Pentest Wednesday® Story

For a large chemical manufacturer operating across continents, security was more than a compliance checkbox. It was a question of safety, uptime, and intellectual property protection. When the company put its defenses to the test, NodeZero® uncovered domain compromise paths in minutes, forcing a shift from assumptions to evidence.

Impact

As part of M&A due diligence, NodeZero was used to proactively baseline and validate any network security risks of the acquired company. In its first baseline pentest, it uncovered 79 security weaknesses leading to 71 business impacts, and 27 compromised credentials across 53 endpoints. Within 35 minutes, four unique paths to domain compromise were proven by exploiting Zerologon and noPac vulnerabilities. The compromise escalated to ransomware exposure across nearly 200,000 sensitive files containing both trade secrets and employee data.

Following the acquisition, the company conducted 40 new NodeZero pentests across 20 additional remote sites over the next 10 months. The results provided a clear roadmap for prioritizing the most critical business risks, replacing uncertainty with measurable evidence of improved security posture.

Within 35 minutes, NodeZero proved four unique paths to domain compromise — escalating to ransomware exposure across nearly 200,000 files.

Background

This global enterprise is a leader in advanced materials and chemical manufacturing, operating in more than 60 countries. Over the past ten months, NodeZero has been adopted at 20 major sites across the U.S., EMEA, and APAC — part of a much broader global rollout.

Each facility runs a hybrid IT/OT environment, where testing must be safe for live production networks and consistent across local conditions. The company’s corporate IT landscape adds another layer of complexity: multiple identity domains carrying years of configuration debt from prior acquisitions and restructurings.

Such environments often contain inherited weaknesses that create repeated opportunities for lateral movement and chained identity attacks — the kinds of exposures that traditional vulnerability scanners often overlook or downplay.

Embracing the “Pentest Wednesday” mindset, the company’s leaders made continuous validation part of their culture, following a simple, repeatable rhythm: Find, Fix, Verify.

“We started small — two APAC factories where we could be on site. Once they saw NodeZero was safe for production, we moved to seven more sites in weeks. From there it became the playbook: baseline locally, verify remotely, and roll it out everywhere.” — Horizon3.ai Customer Success Team

Mitigation

The security team moved quickly. Following NodeZero’s step-by-step remediation guidance, they prioritized the most critical weaknesses first, closed all paths to domain compromise, and eliminated 53 additional weaknesses in the process. A follow-up pentest confirmed those fixes worked and revealed 24 new weaknesses introduced by ongoing infrastructure changes, proving that remediation is never static.

At the operational level, the company adopted a segmentation-first strategy. NodeZero testing began by proving that isolation between IT and production zones existed, ensuring production systems were unaffected. Once confidence was built, scope expanded and NodeZero uncovered lateral movement paths, identity exposures, and chained weaknesses that vulnerability scanners had not detected.

“It wasn’t about testing every Wednesday. It was about building a repeatable and scalable process, pairing changes with validation — find it, fix it, and prove it. This motion has been proven across 20 unique manufacturing sites with more to follow.” —  Horizon3.ai Customer Success Team

Remediation

Scaling this approach required both discipline and trust. The company piloted NodeZero at two APAC factories, where on-site testing established safe baselines. After those visits, remote retests from a regional hub confirmed that controls held, creating a model that balanced local empowerment with enterprise consistency. Within weeks, seven more sites were added, and soon the program expanded globally, with over 25 new sites scheduled for next year.

The strength of the program became clear when it was tested against critical Citrix vulnerabilities. Horizon3.ai’s Rapid Response service detected potential exposure in the company’s public-facing infrastructure related to CVE-2023-3519 — a zero-day that was being actively exploited — along with CVE-2023-3466 and CVE-2023-3467. Horizon3.ai’s Customer Success team promptly notified the company via a Flare alert, enabling them to validate quickly that none of the vulnerabilities were exploitable in their environment. The incident reinforced how early visibility and proactive validation build readiness long before attackers can take advantage.

Over the last year, the company focused on baseline testing and addressing the most critical issues with haste:

  • They executed 40 internal pentests, totaling 764 NodeZero hours of testing, equivalent to more than 9,000 hours of human-based pentesting.
  • The team followed step-by-step fix guidance to prioritize and resolve high-impact issues, closing the most critical exposures first.
  • The organization institutionalized retests as a first-class step, running validation pentests after remediation to prove critical paths were closed without operational disruption.

This operating rhythm compressed mean time to remediation (MTTR), produced defensible audit evidence, and established a common operating picture across their plants and business units.

Conclusion

For manufacturers, where uptime and safety are paramount, and intellectual property is a core asset, the Pentest Wednesday mindset represents more than a theme. It is a discipline.

This chemical manufacturer’s journey shows that M&As can be de-risked early in the acquisition process, leading to faster IT integration and replacing assumptions with evidence:

  • Patches and policies are validated against real attacker behavior, not just documented on paper.
  • Remediation cycles accelerate because every fix is verified.
  • OT safety is preserved by starting with segmentation testing and expanding scope carefully.
  • Local teams are empowered to test and re-verify on their own, creating a sustainable security culture.

What began as a pilot at a single site scaled to 20 locations in less than a year. Today, every engagement provides a roadmap for closing exposures and eliminating attack paths, and the company is safer than it was before.

That is Pentest Wednesday in action — moving from compliance checkboxes to proven resilience.
