Case Study / Financial Services / Red Team

Preventative maintenance held the line against an unannounced elite Red Team — zero compromise, zero downtime.

100%
malicious requests blocked
0
footholds established
<60 sec
attack pattern detection
The Challenge

What we were called in to solve.

The Approach

How OwlEye executed.

  • 01Phase 1 — Reconnaissance: Our WAF and behavioral IDS/IPS flagged the low-and-slow REST API and wp-json enumeration inside the first minute, triggering adaptive rate limits and ASN/IP reputation scoring instead of tipping the attacker off.
  • 02Phase 2 — Exploitation: SQLi, stored/reflected XSS, XML-RPC amplification, credential stuffing, and LFI/RFI payloads were rendered inert at the edge. XML-RPC was already disabled, /wp-admin/ MFA-gated and IP-allowlisted, and every core/plugin/theme was patched current with virtual patches ahead of vendor releases.
  • 03Phase 3 — Evasion: When the Red Team pivoted to obfuscated payloads, rotating residential proxies, and session manipulation, our 24/7 SOC opened active threat hunts — correlating SIEM telemetry, pushing dynamic edge policies, and enriching IOCs from our threat intelligence platform in real time.
  • 04Incident response: NIST 800-61 lifecycle executed end-to-end — detect, triage, contain, eradicate, recover — with transparent telemetry shared with the client's security leadership once the engagement was disclosed.
The Outcome

Quantified, audited, repeatable.