Case Studies

Our Approach
  • Offensive Security Validations - Showcase maximum damage
Anticipated Outcome
  • Identify vulnerable areas and exploit
  • Extract sensitive information
  • Shut down the central trading systems
Result
  1. Extracted shareholders' information – positions, contact information, banking details, etc. – using a SQL injection vulnerability
  2. Shut down trading by disabling all broker logins using a privilege escalation vulnerability
Possible business Impact
  1. Crash of the national economy
  2. Loss of shareholders' confidence in data security
  3. Loss of brand image globally
Outcomes
  1. Heightened trustworthiness through elimination of loopholes for unauthorized access, script injection and session handling flaws.
  2. Danger of spoofing and interception attacks averted.

Our Approach
  • Offensive Security Validations - Showcase maximum damage
Anticipated Outcome
  • Identify vulnerable areas and exploit
  • Extract sensitive information
  • Take over the entire system
Result
  1. Extracted patient information – geographical and contact information, disease and prescriptions, past and future appointments – using a SQL injection vulnerability
  2. Took over the entire server using a file upload functionality
Possible business Impact
  1. Breach of privileged patient information
  2. Exposure of the geographical health index of the country
  3. Complete takeover of clinical systems. Loss of data integrity
Outcomes
  1. Heightened trustworthiness through elimination of loopholes for unauthorized access, script injection and session handling flaws.
  2. Protection from possible corruption of national regulatory information and data used for analytics

Our Approach
  • Offensive Security Validations - Showcase maximum damage
Anticipated Outcome
  • Identify vulnerable areas and exploit
  • Extract sensitive information
  • Shut down the system
Result
  1. Created a Denial of Access using a vulnerability that was not patched in the technology stack of the application. The system was down until further intervention.
Possible business Impact
  1. Loss of citizens' confidence in government systems
  2. Potential loss of citizen engagement
Outcomes
  1. Systems hardened to avoid exploits of zero days and unpatched vulnerabilities
  2. Increased monitoring on systems handling sensitive information