About security testing:
Social engineering
During this social engineering engagement, it was possible to achieve persistent internal access, exfiltrate confidential and personal information, and compromise the internal segmented infrastructure.
Client-Bank application compromise
This case is a very good example why manual penetration tests are valuable – the team achieved compromise without administrator access to the application, not using any known exploits or discovering injection/deserialization/other RCE flaws.
Application Threat Modelling and Phishing Attack Chain Case
A threat model helped prioritize vulnerabilities, leading to the identification of a phishing attack chain that bypassed MFA and allowed unauthorized transactions.
