Selected work

Portfolio

A selection of anonymised case studies from recent engagements. Details have been sanitised to protect client confidentiality.

Web Application

E-Commerce Platform Security Assessment

Retail sector client

Comprehensive web application penetration test of a high-traffic e-commerce platform serving 500k+ users. Identified critical authentication and authorisation flaws.

  • SQL injection in checkout flow
  • Stored XSS in product reviews
  • IDOR exposing customer PII
  • Broken access control on admin API

12 critical findings · 8 high findings · 3-week engagement

Red Team

Financial Institution Red Team Exercise

Financial services client

TIBER-EU compliant red team exercise simulating advanced persistent threat actors targeting a tier-1 financial institution. Scope included physical, social engineering, and technical vectors.

  • Initial access via spear phishing
  • Lateral movement across 3 domains
  • Physical access to server room
  • Exfiltration undetected for 6 days

6 attack paths · 4-week engagement · TIBER-EU framework

Cloud Security

AWS Infrastructure Security Review

SaaS provider

Cloud security posture assessment of a multi-account AWS environment. Covered IAM, VPC configuration, S3 bucket policies, encryption, and compliance against CIS AWS Foundations Benchmark.

  • Overprivileged IAM roles across 12 accounts
  • Public S3 buckets containing sensitive data
  • Unencrypted RDS instances in production
  • CloudTrail logging absent in 3 regions

34 findings · CIS L2 benchmark · 2-week engagement