Case Study: Major Financial Services Company achieves demonstrated domain compromise and strengthened detection & response with NetSPI Red Team

A NetSPI Case Study

Preview of the Major Financial Services Company Case Study

Major Financial Services Company - Customer Case Study

Major Financial Services Company engaged NetSPI for a four-day, anonymous scenario-based internal red team engagement (NetSPI Red Team) to test network- and application-level attack vectors, evaluate detective and incident response capabilities, and determine whether full network compromise could be achieved without social engineering or prior intel.

NetSPI performed manual internal penetration testing: passive host enumeration, WPAD/NBNS poisoning to capture NTLMv2 hashes, GPU-accelerated cracking, exploitation of an unpatched MS14-068 Kerberos flaw, lateral movement, and jump-host backdoors. With these techniques the team escalated to domain administrator in one day, cracked over 50% of domain passwords within minutes, and accessed PCI systems and cardholder data. NetSPI’s findings exposed detection and control gaps, prioritized remediation actions, and helped the client strengthen detective controls and incident response.

