pwn the analyst - small bank soc entry point

Post reply
c_440
c_440
c_440 c_440 March 10 Mar 10 #1
Got a clean angle on a security analyst at a regional bank. Mid-level, not senior enough to be paranoid but still has access to internal tooling. Works security side, handles alerts + incident triage. Have partial profile + contact chain already mapped. Based out of OR, hybrid setup. Plan is simple: social entry + trust pivot into access. No smash-and-grab, just controlled escalation. Looking for buyer who knows how to actually use analyst access (SOC console, tickets, etc). DM if you want details or proof.
o_173
o_173
o_173 o_173 March 10 Mar 10 #2
what kind of access we talking? read only or can approve stuff
c_440
c_440
c_440 c_440 March 10 Mar 10 #3
can interact with alerts + internal systems. not top level but enough to pivot
joe0388
joe0388
joe0388 joe0388 March 10 Mar 10 #4
analyst role usually locked behind mfa. you got a way around that?
c_440
c_440
c_440 c_440 March 10 Mar 10 #5
target is human, not system. mfa doesnt matter if they hand you session or approve push
chudkiller79
chudkiller79
chudkiller79 chudkiller79 March 11 Mar 11 #6
this someone new or been there a while
c_440
c_440
c_440 c_440 March 11 Mar 11 #7
not new hire. stable role, predictable schedule
ericw
ericw
ericw ericw March 11 Mar 11 #8
any personal leak on them or just work side
c_440
c_440
c_440 c_440 March 11 Mar 11 #9
have both. email, location, some reused creds from older breach
y_144
y_144
y_144 y_144 March 11 Mar 11 #10
OR you said? portland area or smaller
c_440
c_440
c_440 c_440 March 11 Mar 11 #11
not portland. smaller place east of there
chloe_m
chloe_m
chloe_m chloe_m March 11 Mar 11 #12
name or initial? wanna check if i seen them before
c_440
c_440
c_440 c_440 March 12 Mar 12 #13
not dropping full here. initials P.M. security analyst
bobby12
bobby12
bobby12 bobby12 March 12 Mar 12 #14
bank side or third party soc?
c_440
c_440
c_440 c_440 March 12 Mar 12 #15
direct employee. internal security team
f_005
f_005
f_005 f_005 March 12 Mar 12 #16
you got login already or still pre-access phase
c_440
c_440
c_440 c_440 March 12 Mar 12 #17
have creds from older reuse but not validated. entry will be social first
b9v1
b9v1
b9v1 b9v1 March 12 Mar 12 #18
sounds like that UPB analyst ppl were talking about last week
nate_p
nate_p
nate_p nate_p March 12 Mar 12 #19
yeah think same one, small oregon bank right
c_440
c_440
c_440 c_440 March 12 Mar 12 #20
if you know you know. not confirming in thread
z90q
z90q
z90q z90q March 13 Mar 13 #21
price?
c_440
c_440
c_440 c_440 March 13 Mar 13 #22
depends if you want just intel or full playbook + contact chain

DJDT

Versions

Time

Settings from devproject.settings

Headers

Request

SQL queries from 1 connection

Misago User Permissions

Misago User ACL

Static files (349 found, 10 used)

Templates (42 rendered)

Cache calls from 1 backend

Signals