Financial Services · Red Team
Closing the path to the cardholder data environment
A global payments provider asked us to test one assumption: could an attacker reach the CDE from a standard employee laptop?
Challenge
Years of point-in-time pentests had each passed, yet leadership had no confidence in how those isolated findings chained together across identity, network, and cloud.
What we did
A full-scope, objective-based red team starting from an assumed-breach laptop. We chained four individually "medium" issues into a single path to the cardholder data environment, then partnered with engineering to sever it.