Lateral Movement
Attack Paths
Continuous visibility across assets, exposures, and remediation workflows.
Observed chains
6
Paths from perimeter access to privileged systems.
Privileged targets
4
Identity and finance systems reachable from exposed assets.
Most likely path
83%
Credential reuse from VPN to admin plane.
Containment actions
3
Compensating controls awaiting validation.
Modeled risk chains
High-confidence paths
Critical
Needs containment
vpn.secureme.io -> SSO token replay -> finance-admin
External access to the VPN gateway can be combined with stale session persistence to reach privileged finance systems.
VPN gateway
SSO replay
Finance admin
High
Mitigation in progress
portal.secureme.io -> SSTI -> kube metadata -> CI runners
Template execution in the public portal exposes service credentials that can pivot into internal automation infrastructure.
Portal
Metadata API
CI runners
Medium
Under review
legacy-jenkins -> weak SSH key policy -> artifact registry
Compromised build credentials can access unsigned release artifacts without manual approval.
Jenkins
SSH policy
Artifact registry