// Case Studies

Portfolio

Below you'll find a selection of my security projects. Client details and specific findings remain strictly confidential.

Selected Projects

Pentest OWASP Top 10 FinTech

Web Application Penetration Test | FinTech

Black-box pentest of a payment platform in the FinTech sector. Focus on authentication, authorization, and business logic vulnerabilities.

Outcomes

  • Multiple critical vulnerabilities identified, including SQL Injection with access to sensitive customer data
  • IDOR flaw discovered that allowed access to other users' transaction data
  • Prioritized report with concrete remediation recommendations delivered

Tools & methods: Burp Suite Professional, OWASP Testing Guide, manual code review, CVSS scoring. Assessment duration: 2 weeks.

Red Team APT Simulation Enterprise

Red Team Assessment | Mid-Size Enterprise

Simulated attack against a mid-size enterprise over 4 weeks, from initial compromise through to a full attack chain.

Outcomes

  • Initial access achieved via a targeted spear-phishing campaign
  • Lateral movement through insecure network configurations and weak password policies
  • Full attack chain through to domain compromise demonstrated

Tools & methods: C2 framework, BloodHound, manual exploits, custom phishing infrastructure. Assessment duration: 4 weeks.

Cloud Security AWS IAM Audit

Cloud Security Audit | AWS Infrastructure

Security audit of an AWS cloud environment focusing on IAM, network segmentation, and data access controls.

Outcomes

  • Critical IAM misconfigurations with privilege escalation potential identified
  • Publicly accessible storage buckets containing sensitive data uncovered
  • Privilege escalation paths across the cloud infrastructure documented and assessed

Tools & methods: Prowler, ScoutSuite, Pacu, manual AWS console review. Assessment duration: 2 weeks.

Ready to Elevate Your Security Posture?

A test today is cheaper than an incident tomorrow.