Purple Team Penetration Test Case Study

Staffing Specialized Security Talent for Financial Services Industry

Executive Summary

A mid-sized financial services firm (name kept confidential) with approximately $10.3 million in assets under management approached Merci Technologies, our IT and cybersecurity staffing team, to provide specialized talent for a comprehensive purple team assessment. The Client had identified potential security gaps through a routine audit and needed expert security professionals to validate their incident response capabilities in real time.

Merci Technologies assembled and deployed a complete purple team of security specialists who successfully conducted the assessment, identified critical vulnerabilities, and transferred valuable knowledge to the Client’s internal team.

Client Requirements

Industry: Financial Services
Size: 350 employees, 4 office locations
Infrastructure: Hybrid cloud environment (AWS and on-premises data center)
Regulatory Requirements: SOX, PCI-DSS, GDPR
Internal Security Team: 6 security professionals (2 managers, 4 analysts)

Staffing Objectives

The Client required specialized security talent that could:

  1. Work collaboratively with their internal security team
  2. Bring advanced offensive and defensive security expertise
  3. Conduct a thorough assessment of their security controls
  4. Transfer knowledge to upskill their existing security personnel
  5. Provide clear documentation and actionable recommendations

Our Staffing Solution

Purple Team Personnel Placement

Merci Technologies identified, vetted, and placed the following security professionals:

Red Team Specialists (2)

  • Senior Penetration Tester with 8+ years of experience in financial sector security
  • Web Application Security Specialist with OSCP certification and API security expertise

Blue Team Analysts (2)

  • Security Operations Lead with SANS certifications and 6+ years of SIEM experience
  • Threat Hunting Specialist with expertise in cloud security monitoring

Purple Team Coordinator (1)

  • Senior Security Consultant with previous experience facilitating collaborative security exercises

Security Architect (1)

  • Infrastructure Security Specialist with financial services background and compliance expertise

Engagement Process

1. Team Onboarding and Planning (2 weeks)

Our placed professionals conducted scoping workshops with the Client’s CISO, security managers, and key IT stakeholders to establish:

  • Rules of engagement
  • Communication protocols
  • Testing schedule
  • Critical system boundaries
  • Success criteria for the assessment

2. Reconnaissance and Initial Assessment (1 week)

Our offensive security specialists performed passive reconnaissance to establish a baseline understanding of the Client’s external attack surface:

  • OSINT gathering
  • Network infrastructure scanning
  • Web application discovery
  • Public-facing systems enumeration

The defensive specialists worked with the Client’s monitoring team during this phase to establish baseline detection capabilities.

3. Coordinated Attack Scenarios (3 weeks)

The purple team coordinator facilitated the following series of attack scenarios:

Scenario 1: External Network Penetration

  • The red team specialists executed perimeter testing
  • The blue team analysts worked alongside Client staff to monitor for signs of intrusion
  • Real-time feedback loops were established through our purple team coordinator

Scenario 2: Web Application Assessment

  • The web application security specialist led testing of the client portal and internal applications
  • Attack methods included:
    • SQL injection attempts
    • Authentication bypass techniques
    • Session management exploitation
    • API security testing

Scenario 3: Phishing and Social Engineering

  • The red team ran a simulated targeted phishing campaign against 50 employees
  • The blue team examined email security controls and user awareness
  • The combined team tracked detection of and response to suspicious activities

Scenario 4: Lateral Movement

  • Starting from a compromised endpoint, our red team specialists attempted privilege escalation
  • The security architect assessed network segmentation and access controls
  • The defensive specialists coached the Client’s team on containment strategies

4. Knowledge Transfer and Collaborative Review

After each attack scenario, the purple team conducted debriefing sessions to:

  • Review attack methodologies and detection gaps
  • Analyze prevention/detection effectiveness
  • Provide immediate remediation guidance
  • Document lessons learned
  • Adjust subsequent scenarios based on findings

Key Findings Identified

  1. External Perimeter Security: Generally strong, but a vulnerable legacy VPN endpoint allowing unauthorized access was discovered
  2. Web Application Vulnerabilities:
    • Client portal contained Cross-Site Scripting (XSS) vulnerabilities
    • Inadequate input validation in fund transaction processing
    • API authentication relied solely on API keys without additional security controls
  3. Security Monitoring Gaps:
    • 43% of red team activities went undetected in real-time
    • SIEM rule tuning needed for privileged account usage
    • Lack of network baselining hindered anomaly detection
  4. Incident Response Challenges:
    • Average detection time: 4 hours (industry standard: 2-3 hours)
    • Containment procedures lacked clear role assignments
    • Inconsistent escalation paths delayed response actions
  5. Lateral Movement Findings:
    • Excessive local administrator rights enabled privilege escalation
    • Inadequate network segmentation between development and production
    • Credentials stored in plaintext configuration files

Value Delivered by Our Purple Team

The staffed security professionals delivered several immediate security improvements:

  1. Real-time Fixes: 6 critical vulnerabilities remediated during the engagement
  2. SIEM Tuning: 12 new detection rules implemented and validated
  3. Response Playbooks: Developed 4 incident response procedures for common attack scenarios
  4. Security Awareness: Live demonstrations increased stakeholder understanding of security risks
  5. Knowledge Transfer: Our specialists mentored the Client’s security team throughout the engagement

Long-term Recommendations from the Team

  1. Architecture Improvements:
    • Implement zero-trust network architecture for internal systems
    • Enhance network segmentation between business units
    • Deploy additional web application firewall rules
  2. Process Enhancements:
    • Formalize vulnerability management program
    • Establish regular purple team exercises as part of security program
    • Implement threat hunting capabilities
  3. Technology Investments:
    • Deploy endpoint detection and response (EDR) solution
    • Enhance API security with OAuth 2.0 and rate limiting
    • Implement privileged access management (PAM) solution
  4. Security Talent Development:
    • Identified specific training needs for internal security staff
    • Recommended strategic security hiring to address skill gaps

Client Outcomes and ROI

  1. Measurable Security Improvements:
    • 68% reduction in detection time by engagement conclusion
    • 23 vulnerabilities identified and remediated
    • 100% increase in successful alert triage
  2. Knowledge Transfer:
    • Internal security team gained practical experience in attack techniques
    • Defenders improved threat hunting skills
    • Developers learned secure coding practices through examples
  3. Regulatory Compliance:
    • Documentation supported evidence for SOX and PCI compliance
    • Identified compliance gaps in data handling procedures
    • Improved security controls reduced audit findings by 40%

Conclusion

By providing highly specialized security talent for this purple team assessment, we delivered significant value beyond what a traditional security assessment would have achieved. The Client benefited not only from the identification of security vulnerabilities but also from the knowledge transfer and skill development provided by our security professionals.

Six months after the engagement, the Client reported maintaining the security improvements and successfully implementing 85% of the recommended controls. They have since engaged Merci Technologies’ staffing services again to help establish quarterly purple team exercises and fill strategic security roles identified during the assessment.

Testimonial

“The purple team specialists provided by Merci Technologies transformed how we approach security testing. Instead of traditional penetration tests that left us with a list of vulnerabilities to fix, this collaborative team built our internal capabilities while securing our environment. The knowledge transfer alone was worth the investment, and we’ve since hired several of your recommended professionals for full-time positions.”

— CISO, A Financial Services Firm