About security testing:

Client-Bank application compromise
This case is a very good example of why manual penetration tests are valuable – the team achieved compromise without administrator access to the application, without using any known exploits, and without discovering injection, deserialization, or other RCE flaws.

PCI DSS segmentation testing
The team created several hardware connect-back appliances and used them in a PCI DSS segmentation testing engagement to uncover impactful network vulnerabilities.

Social engineering
During this social engineering engagement, it was possible to achieve persistent internal access, exfiltrate confidential and personal information, and compromise the internal segmented infrastructure.