SecureSan Technologies
Resources

Case Studies

Full technical write-ups of representative engagements — what we scoped, how we exploited it, the business impact, and what changed after remediation. Each maps to OWASP, MITRE ATT&CK / ATLAS, and CIS Benchmarks.

Illustrative case studies. The organisations and data in these write-ups are fictional and created for demonstration. Every technique, tool, payload and configuration shown is technically accurate and representative of real SecureSan engagements. Client-attributed case studies are published only with written consent.
Web / API

From a Single IDOR to Full Customer Data Compromise

A single Insecure Direct Object Reference in a FinTech portal, chained with a Broken Function Level Authorization flaw, reached ~1.2M customer records — closed for a 92% risk reduction.

FinTechBroken Access ControlOWASP A01:20253 Critical
Read the case study
Mobile

Reverse Engineering an Android Banking App

Recovering a hardcoded API key from a shipped APK, bypassing SSL pinning with Frida, and intercepting protected banking traffic — following OWASP MASVS.

BankingFridaSSL PinningOWASP MASVS
Read the case study
Cloud / AWS

A Misconfigured IAM Policy to Full Cloud Compromise

One leaked access key escalated to full AWS account administrator in three permitted API calls, by abusing iam:PassRole and lambda permissions — no exploit required.

SaaSAWS IAMPassRoleCIS Benchmarks
Read the case study
Red Team

From a Phishing Email to Enterprise-Wide Ransomware

A full-scope red team: one spear-phishing email to Domain Admin in under six hours, undetected — then a purple-team exercise that lifted detection coverage 4×.

ManufacturingMITRE ATT&CKActive DirectoryPurple Team
Read the case study
AI / LLM

Prompt Injection Against an Enterprise AI Assistant

Indirect prompt injection plus an over-privileged retrieval tool made a RAG assistant disclose confidential documents across matter boundaries — mapped to the OWASP LLM Top 10 (2025).

LegalPrompt InjectionOWASP LLM Top 10MITRE ATLAS
Read the case study
← Back to SecureSan Technologies