Automated network pentesting uncovers what traditional tests missed

Most organizations run an annual network penetration test, remediate the issues it uncovers, and move on. But attackers are probing networks every day, using publicly available tools to exploit common misconfigurations and overlooked vulnerabilities.

A new report, based on over 50,000 automated penetration tests performed with Vonahi Security’s vPenTest SaaS platform, has shown why once-per-year manual testing isn’t enough.

The tests flagged the same preventable gaps across many organizations. Most frequently, they allowed multicast DNS (mDNS) spoofing, NetBIOS Name Service (NBNS) spoofing, and Link-Local Multicast Name Resolution (LLMNR) spoofing. Since these network protocols rely on broadcast queries, any device on the network capable of receiving them can respond. That opens the door for attackers to trick machines into connecting to rogue systems.

These issues showed up in more than half of all assessments because these protocols are enabled by default. They are often overlooked because they don't always appear urgent.

For example, a typical vulnerability scan might label LLMNR spoofing as a low-priority issue. But in a real attack, this flaw can be used to capture hashed credentials and escalate privileges. vPenTest shows how attackers would take advantage of it.
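Because all three protocols are on by default, the practical fix is to check and disable them on every Windows host. The following audit script is an added example written for this article, not part of the report or of vPenTest; it reads the standard Windows registry locations for LLMNR (`EnableMulticast`), mDNS (`EnableMDNS`) and per-interface NetBIOS over TCP/IP (`NetbiosOptions`), and the `-Remediate` switch is an assumed convenience of this script.

```powershell
# Added example: audit (and optionally disable) the broadcast name-resolution
# protocols behind the LLMNR/NBNS/mDNS spoofing findings. Run elevated; roll
# out through Group Policy in production rather than host by host.
param([switch]$Remediate)

# Machine-wide settings: a missing value means the Windows default (enabled).
$checks = @(
    @{ Name = 'LLMNR'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient';
       Key = 'EnableMulticast'; Secure = 0 },
    @{ Name = 'mDNS';  Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters';
       Key = 'EnableMDNS';      Secure = 0 }
)

# NetBIOS over TCP/IP is configured per interface: NetbiosOptions 2 = disabled.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
foreach ($if in Get-ChildItem $ifRoot | Where-Object { $_.PSChildName -like 'Tcpip_*' }) {
    $checks += @{ Name = "NBNS ($($if.PSChildName))"; Path = $if.PSPath;
                  Key = 'NetbiosOptions'; Secure = 2 }
}

foreach ($c in $checks) {
    $current = (Get-ItemProperty -Path $c.Path -Name $c.Key -ErrorAction SilentlyContinue).($c.Key)
    $state = if ($null -eq $current)        { 'default (enabled)' }
             elseif ($current -eq $c.Secure) { 'disabled' }
             else                            { "not disabled (value $current)" }
    '{0,-50} {1}' -f $c.Name, $state

    if ($Remediate -and $current -ne $c.Secure) {
        if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        Set-ItemProperty -Path $c.Path -Name $c.Key -Value $c.Secure -Type DWord
        '{0,-50} -> set {1} = {2}' -f $c.Name, $c.Key, $c.Secure
    }
}
```

Disabling NBNS and LLMNR can break name resolution for hosts that are not registered in DNS, so confirm DNS coverage for such systems before remediating.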

Missed patches and default settings persist

The report also highlighted that patching remains a major challenge. Outdated Windows machines and known vulnerabilities like EternalBlue and BlueKeep continue to surface.

These flaws have been known and exploited for years. Their presence shows that many organizations still struggle with patch management, legacy systems, and software compatibility issues.

Misconfigurations are another key problem. Firebird servers with default credentials and weaknesses in Active Directory Certificate Services that allow attackers to gain elevated privileges are present on many corporate networks and can lead to major security failures.

Unfortunately, many organizations do not detect these problems early enough, because traditional penetration tests are limited in scope, expensive, and often performed just once per year. Between those tests, networks change, new systems are added, and misconfigurations go unnoticed.

Finally, the data also indicates that these problems are not limited to a single sector. Critical findings appeared across technology, healthcare, finance, and manufacturing, suggesting that the root causes – poor visibility, configuration drift, and inconsistent patching practices – are common.

Why continuous testing matters

vPenTest simulates real-world attacker behavior. It performs a full-blown network penetration test and identifies internal misconfigurations, outdated protocols, and privilege escalation paths that are often missed in compliance-driven assessments.

Solving these problems does not require cutting-edge solutions, but it does require consistency and visibility. Frequent testing lets teams find and fix issues early, often before attackers have a chance to act. vPenTest can be run on demand or on a schedule to test organizations' environments as often as needed without additional staffing or outsourcing.

Compliance today is more than checking boxes

The report makes it clear that preventable gaps such as outdated systems, default settings, and legacy protocols are still widespread.

These weaknesses are not only exploited by attackers but also put organizations at risk of falling short of regulatory standards. Modern frameworks like GDPR, HIPAA, PCI DSS, ISO 27001, and SOC 2 all require regular testing of vulnerabilities. As highlighted here, nearly 70 percent of incidents reported in 2024 were tied to high-impact vulnerabilities that organizations failed to identify or prioritize.

Meeting compliance today means more than passing an annual audit: it requires proving that security controls are effective in real-world conditions and showing that vulnerabilities are consistently addressed. vPenTest helps organizations do both. By automating penetration testing, it provides consistent, repeatable results that keep teams audit-ready while also strengthening daily defenses.

The risks are real

Most cybercriminals forgo complex or novel methods – they rely on public tools to look for basic misconfigurations and missing patches. Once they gain a foothold, they can move quietly through the network.

Networks are always in flux, and you need to understand how attackers see yours. That means shifting from point-in-time assessments to regular, realistic simulations, which are a much-needed security control.

“One of our customers in the healthcare sector used vPenTest to assess their internal network and discovered that Active Directory Certificate Services (AD CS) was misconfigured, allowing for privilege escalation through certificate abuse. This vulnerability had gone unnoticed in previous manual assessments,” Alton Johnson, Founder and Principal Security Consultant at Vonahi Security, told Help Net Security.

“Thanks to the recommendations outlined in vPenTest’s detailed technical report, the organization was able to reconfigure AD CS permissions and templates to eliminate the escalation path and prevent potential domain compromise, which could have led to widespread data exposure and compliance violations.”

This case highlights how automated network pentesting can uncover deep, systemic issues that traditional methods often miss, particularly in complex environments where attackers can exploit trust relationships and misconfigurations.

It can also show you how small flaws can be combined to become serious threats and – more importantly – will give your team the visibility and knowledge they need to close those gaps before real damage occurs.

“The most urgent takeaway from this year’s report is the pervasiveness of legacy vulnerabilities and misconfigurations that continue to expose organizations to serious risk,” Johnson noted.

“CISOs should prioritize continuous validation of their security posture. This means moving beyond annual assessments and embracing automated, frequent testing to catch vulnerabilities as they emerge. The focus should be on legacy protocols that enable spoofing attacks, ensuring timely patching of systems vulnerable to exploits like EternalBlue and BlueKeep, and auditing internal services for default or weak credentials.”

Download the Top 10 Critical Pentest Findings 2025 report to uncover other frequent network weaknesses and recommendations for mitigating the associated risk.