Strobes Red Team Compromises a Leading Digital Bank's Cloud Infrastructure
Through social engineering, credential extraction, and AWS exploitation, Strobes gained full administrative access to a digital bank's production cloud environment.
7,000+
User credentials exposed
150+
Subdomains discovered
20+
AWS keys extracted
$334M+
Company revenue
The Objective
Simulate Real-World Attacks on Cloud Infrastructure
The client commissioned a comprehensive red team engagement to assess the security of its AWS infrastructure, test credential management, simulate real-world attacks including privilege escalation and social engineering, and evaluate how well its internal team could detect and respond to threats in real time.
- Assess AWS infrastructure security — simulate attack scenarios to identify cloud vulnerabilities
- Test credential management — evaluate security of hardcoded credentials, API keys, and sensitive information
- Simulate real-world attacks — leverage privilege escalation and social engineering techniques
- Improve response readiness — assess detection, response, and mitigation capabilities in real time
The Methodology
Multi-Step Attack Chain — From Recon to AWS Admin Access
Strobes Security followed a structured approach: reconnaissance, credential extraction, social engineering, privilege escalation, and persistence within the AWS environment.
Initial Reconnaissance & SSO Compromise
Discovered 150+ subdomains and 65+ unique IPs. Password spraying against the SSO portal yielded a valid employee account. AWS credentials were found in Teams chats and Jira tickets.
MDM Bypass & Social Engineering
Bypassed VMware Workspace ONE MDM using the compromised credentials. Impersonated an employee to IT support to obtain VPN 2FA access and connected to the corporate network.
AWS Credential Extraction
Extracted ~20 AWS keys from Bitbucket source code, a Jenkins QA server, SSH servers, and internal config files. Five of these keys granted administrator-level access.
Full AWS Admin Compromise
Took over an inactive admin account: reset its password, deactivated its MFA, and logged in to the AWS Console. Established persistence by enrolling an attacker-controlled MFA device on the account.
“The combination of AWS admin access and domain admin privileges created a complete compromise scenario where an attacker could access sensitive financial data, control customer information, and manipulate cloud infrastructure.”
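The credential-extraction step above (Bitbucket source, a Jenkins job configuration, internal config files) is the kind of exposure a repository scanner should catch before a red team does. The Python below is an added example written for this page, not Strobes' tooling or the client's code: it finds AWS access key IDs in arbitrary text, pairs each with a secret access key declared within a few lines, skips AWS's documentation placeholder, drops low-entropy dummy secrets, and reports each finding with the secret redacted so the scanner's output is not one more place the key is written down. Every file in SAMPLE_FILES is constructed for the example.

```python
"""Scan repository and config text for hardcoded AWS credentials.

Added example (not from the case study or from Strobes). All file contents
in SAMPLE_FILES are constructed; the key IDs and secrets are not real.
"""
import math
import re
from dataclasses import dataclass
from typing import Optional

# Long-term (AKIA) and temporary (ASIA) access key IDs: 4-char prefix plus
# 16 uppercase letters/digits.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
# A 40-char secret access key, but only when a secret-key-like name precedes
# it within a few characters; bare 40-char strings (hashes, tokens) are noise.
SECRET_RE = re.compile(
    r"(?i)(?:aws_?)?secret_?(?:access_?)?key\W{0,10}([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"
)
# AWS documentation placeholder; never worth a ticket.
PLACEHOLDERS = {"AKIAIOSFODNN7EXAMPLE"}


@dataclass
class Finding:
    path: str
    line: int
    key_id: str
    key_type: str                   # "long-term" or "temporary"
    secret_redacted: Optional[str]  # None when no plausible secret is nearby


def shannon_entropy(s: str) -> float:
    """Bits per character: random 40-char secrets land around 5, dummies near 0."""
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def classify(key_id: str) -> str:
    return "temporary" if key_id.startswith("ASIA") else "long-term"


def redact(secret: str) -> str:
    return secret[:4] + "..." + secret[-4:]


def scan(files: dict, window: int = 3, min_entropy: float = 3.5) -> list:
    """files maps path -> text. A secret is attached to a key ID only when it
    is declared within `window` lines of it and is not a low-entropy dummy."""
    findings = []
    for path, text in files.items():
        lines = text.splitlines()
        for i, line in enumerate(lines):
            for key_id in ACCESS_KEY_RE.findall(line):
                if key_id in PLACEHOLDERS:
                    continue
                secret = None
                lo, hi = max(0, i - window), min(len(lines), i + window + 1)
                for candidate in lines[lo:hi]:
                    m = SECRET_RE.search(candidate)
                    if m and shannon_entropy(m.group(1)) >= min_entropy:
                        secret = m.group(1)
                        break
                findings.append(Finding(path, i + 1, key_id, classify(key_id),
                                        redact(secret) if secret else None))
    return findings


SAMPLE_FILES = {  # constructed inputs
    # Jenkins job shell step exporting long-term credentials inline.
    "jenkins/qa-deploy.sh": (
        "#!/bin/sh\n"
        "export AWS_ACCESS_KEY_ID=AKIA2Z5W3HG7Q4X9KLMN\n"
        "export AWS_SECRET_ACCESS_KEY=tZ8qR3vN0wLk5mYp2sXb7cDf1gHj4aEi6uOr9nQl\n"
        "aws s3 sync build/ s3://qa-artifacts/\n"
    ),
    # Application config committed to source control with temporary credentials.
    "app/config/aws.json": (
        '{"region": "us-east-1",\n'
        ' "aws_access_key_id": "ASIAX7B2C9D4E1F6G3H8",\n'
        ' "aws_secret_access_key": "Mw9Kp2Lx7Qr4Vt1Yz6Bn3Fh8Jc5Gd0Sa2We4Rf7T"}\n'
    ),
    # README copied from AWS docs: placeholder, must not be reported.
    "README.md": "Example: AKIAIOSFODNN7EXAMPLE / wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
    # Ticket text exported from an issue tracker: key ID only, still a finding.
    "tickets/qa-bucket-access.txt": "Use key AKIA9P0O8I7U6Y5T4R3E for the QA bucket, secret is in the vault.\n",
    # Test fixture with a dummy secret: key ID reported, low-entropy secret ignored.
    "tests/fixtures.py": (
        'AWS_ACCESS_KEY_ID = "AKIATESTTESTTESTTEST"\n'
        'AWS_SECRET_ACCESS_KEY = "' + "A" * 40 + '"\n'
    ),
}

if __name__ == "__main__":
    for f in scan(SAMPLE_FILES):
        print(f"{f.path}:{f.line} {f.key_type} key {f.key_id} secret={f.secret_redacted}")
```

Run it against a clone of every repository and the Jenkins home directory, and treat each finding as compromised until the key is rotated. A key ID with no secret beside it still deserves a ticket: the engagement above found the matching secrets in Teams chats and Jira tickets, so the two halves rarely stay apart for long.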
Get the Full Case Study
Download the complete report with detailed methodology, technical findings, and strategic recommendations.
Findings & Impact
The assessment uncovered severe operational vulnerabilities that could have catastrophic consequences for the digital banking platform.
7,000+ Users' Credentials at Risk
Full control over 7,000+ users' credentials, putting every account on the platform at risk of unauthorized access.
AWS Production Access
Complete access to the production AWS environment, allowing potential disruption of core banking systems.
Core Banking System Control
Ability to modify banking systems and manipulate cloud infrastructure, risking financial service disruption.
Detection Gaps Exposed
Existing controls failed due to incomplete cloud-to-on-premise log correlation, legacy blind spots, and siloed security tooling.
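The admin-account takeover described under Full AWS Admin Compromise leaves a distinctive sequence in CloudTrail: UpdateLoginProfile (a password reset) issued by one principal against another user, DeactivateMFADevice on that user, a ConsoleLogin with MFAUsed set to No, then EnableMFADevice for a serial number the account never had. The Python below is an added example, not the client's detection logic or Strobes' code, showing how that sequence can be correlated per target user. The event records follow CloudTrail's field layout, but the account ID, user names, device serials, IPs (documentation ranges) and the set of dormant users (assumed to come from an IAM credential report) are all constructed.

```python
"""Flag the dormant-admin takeover chain in CloudTrail: password reset by
another principal, MFA device deactivated, console login without MFA, and a
new MFA device enrolled to keep the account.

Added example, not from the case study or from Strobes. SAMPLE_EVENTS are
constructed; account ID, users, serials and IPs are made up.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ACCOUNT = "123456789012"  # constructed
PASSWORD_RESET = {"UpdateLoginProfile", "CreateLoginProfile"}
# DeleteVirtualMFADevice names only a serial, not a user, so it cannot be
# attributed to an account here without a device inventory; left out.
MFA_REMOVE = {"DeactivateMFADevice"}
MFA_ENROLL = {"EnableMFADevice"}


def _when(ev):
    return datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _actor(ev):
    return ev["userIdentity"].get("userName") or ev["userIdentity"].get("arn")


def _target(ev):
    """IAM calls name the affected user in requestParameters; ConsoleLogin
    names the user who signed in under userIdentity."""
    if ev["eventName"] == "ConsoleLogin":
        return ev["userIdentity"].get("userName")
    return ev.get("requestParameters", {}).get("userName")


def detect_mfa_takeover(events, dormant_users, window=timedelta(hours=1)):
    """One alert per user whose MFA removal is surrounded, within `window`, by
    a reason it should not have happened (reset by another principal, or a
    dormant account) and a follow-on action (no-MFA login, new device).
    A user rotating their own device trips neither half."""
    by_target = defaultdict(list)
    for ev in events:
        user = _target(ev)
        if user:
            by_target[user].append(ev)

    alerts = []
    for user, evs in by_target.items():
        evs.sort(key=_when)
        for rem in (e for e in evs if e["eventName"] in MFA_REMOVE):
            t0 = _when(rem)
            chain = [e for e in evs if t0 - window <= _when(e) <= t0 + window]
            old_serial = rem.get("requestParameters", {}).get("serialNumber")
            found = set()
            if any(e["eventName"] in PASSWORD_RESET and _actor(e) != user for e in chain):
                found.add("password_reset_by_other_principal")
            if user in dormant_users:
                found.add("dormant_account")
            if any(e["eventName"] == "ConsoleLogin"
                   and e.get("responseElements", {}).get("ConsoleLogin") == "Success"
                   and e.get("additionalEventData", {}).get("MFAUsed") == "No"
                   for e in chain):
                found.add("console_login_without_mfa")
            if any(e["eventName"] in MFA_ENROLL and _when(e) > t0
                   and e.get("requestParameters", {}).get("serialNumber") != old_serial
                   for e in chain):
                found.add("new_mfa_device_enrolled")
            if (found & {"password_reset_by_other_principal", "dormant_account"}
                    and found & {"console_login_without_mfa", "new_mfa_device_enrolled"}):
                alerts.append({
                    "user": user,
                    "first_seen": chain[0]["eventTime"],
                    "indicators": sorted(found),
                    "actors": sorted({_actor(e) for e in chain}),
                    "source_ips": sorted({e["sourceIPAddress"] for e in chain}),
                })
    return alerts


def _ev(time, name, actor, target=None, serial=None, ip="203.0.113.10", mfa="Yes"):
    """Build a minimal CloudTrail-shaped record (constructed test data)."""
    ev = {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
          "eventSource": "signin.amazonaws.com" if name == "ConsoleLogin" else "iam.amazonaws.com",
          "userIdentity": {"type": "IAMUser", "userName": actor,
                           "arn": f"arn:aws:iam::{ACCOUNT}:user/{actor}"}}
    if name == "ConsoleLogin":
        ev["responseElements"] = {"ConsoleLogin": "Success"}
        ev["additionalEventData"] = {"MFAUsed": mfa}
    else:
        ev["requestParameters"] = {"userName": target}
        if serial:
            ev["requestParameters"]["serialNumber"] = f"arn:aws:iam::{ACCOUNT}:mfa/{serial}"
    return ev


DORMANT_USERS = {"legacy-ops-admin"}  # assumed: no activity for 90+ days

SAMPLE_EVENTS = [  # constructed, deliberately out of order
    # Benign: an engineer replaces her own MFA device and later logs in with it.
    _ev("2024-03-14T09:58:02Z", "DeactivateMFADevice", "a.rivera", "a.rivera", "a.rivera"),
    _ev("2024-03-14T09:59:10Z", "EnableMFADevice", "a.rivera", "a.rivera", "a.rivera-phone2"),
    _ev("2024-03-14T10:30:41Z", "ConsoleLogin", "a.rivera", mfa="Yes"),
    # Takeover: a leaked CI key resets a dormant admin, strips MFA, logs in, enrols a new device.
    _ev("2024-03-14T10:02:11Z", "UpdateLoginProfile", "svc-jenkins-qa", "legacy-ops-admin", ip="198.51.100.7"),
    _ev("2024-03-14T10:03:27Z", "DeactivateMFADevice", "svc-jenkins-qa", "legacy-ops-admin", "legacy-ops-admin", ip="198.51.100.7"),
    _ev("2024-03-14T10:05:03Z", "ConsoleLogin", "legacy-ops-admin", mfa="No", ip="198.51.100.7"),
    _ev("2024-03-14T10:07:49Z", "EnableMFADevice", "legacy-ops-admin", "legacy-ops-admin", "backup-device", ip="198.51.100.7"),
]

if __name__ == "__main__":
    for alert in detect_mfa_takeover(SAMPLE_EVENTS, DORMANT_USERS):
        print(alert)
```

The two-part rule (a reason the account should not have been touched, plus what the actor did next) keeps a legitimate self-service MFA rotation from paging anyone, and the alert carries the actor and source IP so the same record can be joined against VPN and on-premise authentication logs, which is exactly the correlation the finding above says was missing.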