Case Study: Leading Financial Service Company achieves rapid domain compromise proof and improved incident detection with NetSPI Red Team Testing

A NetSPI Case Study

Leading Financial Service Company engaged NetSPI to run a four-day, anonymous, scenario-based red team/internal penetration test to evaluate its detective and incident response capabilities. NetSPI used primarily manual red team techniques (internal network penetration testing), limited to network- and application-level attack vectors; social engineering and physical-access testing were out of scope.

NetSPI systematically enumerated hosts, exploited WPAD/NBNS weaknesses to capture NTLMv2 hashes, cracked over 50% of domain passwords within minutes, and leveraged an unpatched Kerberos vulnerability to escalate to domain administrator and access PCI systems, achieving full domain compromise within a day. NetSPI then simulated detectable attack activity to test the customer's response, identified missing controls and multiple escalation paths, and helped the customer prioritize remediation and strengthen detective controls.

