In this case study, we examined a multinational content creation platform, whose developers approached our team of GIAC professionals to perform a second-stage, grey-box penetration test against the authentication of their complex web application. This engagement differed from previous assessments with the same client as they provided credentials to the application. Providing credentials enhanced the depth and coverage of the engagement versus an unauthenticated assessment, which may have burned a significant amount of time in not gaining deeper access to the applications in the event of there being no findings - ultimately not providing value to the client. This was clearly reflected in the report and the quality of findings uncovered.

In this case study, we examine a multinational technology company that approached our team of security experts to perform a closed-box penetration test against their complex web application. The client, having previously received annual penetration tests from an external PTAAS (Penetration Testing as a Service) provider, expressed concerns about the quality of findings and their relevance to driving actual security improvement. The focus was on identifying vulnerabilities that had real-world significance, rather than low-impact findings.

A multinational telecommunications provider contacted our offensive team to conduct a security design review of a complex security product under the pre-development stage. The product consisted of several cryptographic operations - a primary area of interest to the client. Our objective was to identify security vulnerabilities, design weaknesses and provide remediation advice for any flaws identified within their proposed design plans.

Secure Impact was instructed to conduct a digital forensic examination for a business communications solutions provider, following allegations that a former employee had taken confidential information and was providing it to a competitor, resulting in loss of business.

When a large  organisation's reputation, income, and customer trust are at stake, it is vital that they have a plan for detecting and responding to security incidents. Whatever the size of the breach, enterprises must have an incident response strategy in place to reduce the chances of being a victim of a cyber-attack.

Corporations and individuals encrypt to protect their sensitive or personal data because it is effective to do so. Sometimes key evidence will lie undiscovered in its encrypted state. This case study is an example of overcoming encryption and obtaining evidence through careful planning and a meticulous approach to constructing a dictionary tailored to the target.

A healthcare provider experienced an alarming increase in incidents and due to the fragmented nature of their environment had no clear view of their attack surface. An external vulnerability assessment was carried out with manual validation of critical findings.