A good example of what continuous penetration testing turns up. OSec obtained root access on a system by chaining several vulnerabilities identified over time. That gave our team, and would have given attackers, full access to a range of sensitive data.
By combining information disclosure, WAF bypassing, local file inclusion, and a pkexec vulnerability, OSec was able to obtain access to a system and enumerate hosts, file shares, credentials, and establish persistence.
One of the key vulnerabilities had not been identified initially, and it was only with the release of a new CVE that allowed OSec to complete this attack chain. This exploit chain carries a critical risk rating as it allows an unauthenticated user access to a significant amount of sensitive data.