Bank cyber security, Pen testing cybersecurity

Location: USA
Branch: Financial services
Technologies: PT Security SE
Solution: Mobile applications
Terms: 3 months full complete

Testing the borders, strengthening protection

The client is an international bank with total assets of USD 900 million. The bank offers a full range of banking services for private and corporate clients. We were asked to conduct a penetration test using social engineering and try to gain access to the bank's internal network by manipulating its staff. In this way, the Client wanted to test the effectiveness of existing security solutions in combination with cyber hygiene awareness campaigns among employees.

WHAT WAS DONE

TESTING STAGES

Reconnaissance:

  • It took us a week to study the client’s systems. We gathered information about the software, operating systems, browsers, antivirus products, email clients, etc. used by employees. We also focused on the email format and other elements of corporate identity, as well as news and events in the company – everything that could make an email, phishing site, or targeted attack more credible.

FEATURES

Despite the maturity of the client’s cybersecurity, after a week of reconnaissance, we managed to bypass security services and penetrate the system using one of the classic tricks – sending emails with malicious attachments.

Sandbox bypass vulnerability:

  • We found that the client uses a sandboxing system that analyzes attachments to detect malware. This system executes untrusted code in a restricted environment, analyzes what actions it performs on the system, and determines whether the file is safe or not. This method is designed to prevent phishing attacks via attachments of any type.

We applied special training methods to determine how to bypass this filter. By analyzing how the system runs the file and learns its process tree, we were able to develop malware that tricks the sandbox. We prepared a new payload that passed anti-virus, file signature and behavioral analysis, and activated the code after only a few days without being detected as malware.

Hacking scenario:

  • Despite the variety of creative approaches aimed at misleading employees, from a technical point of view, it all boils down to two actions: phishing to steal account data and running an executable to infect the device. In our case, opening and launching an email attachment was the trigger for the script’s successful operation.

RESULT

Having identified the sandbox bypass vulnerability, we got our malicious email past the security stage, and the dropper was activated on one of the employees’ devices. Next, we established a connection and, through file sharing, were able to hijack certain accounts, find misconfigured backup access, and work our way through the network to take over the domain. After completing the testing, we provided a list of possible measures to restore the required level of security and helped the bank patch the security gaps as soon as possible.
