Breaking Into the Vault of Trust Bank - APT Labs Walkthrough
This challenge will focus on simulating an APT group!
Try the lab yourself at: https://infinity.cyberwarfare.live/apt_labs/apt/challenges/6874eacbc8f632cbe2428b12
Trust Bank Breach: High Stakes in red team simulation, break in before they lock you out!
Welcome to my walkthrough of this bank infiltration challenge!
It’s good to note that I committed this bank robbery alongside my partner in crime, Decrypt0rr!
Throughout this walkthrough I’ll talk about my experience with this full-scope red teaming simulation against a fictional bank called “Trust Bank”. In this scenario we’re emulating a financially motivated APT group known as FIN7. The goal is to infiltrate the network, compromise the branch manager’s email, and stealthily exfiltrate internal financial communications and sensitive data, hopefully without triggering many alarms. Now let’s get to it!
Passive Recon - first thoughts

Structure of the network, which we’re given.
The passive information gathering part basically just consists of us reading information about the target and the scope of the engagement.
Scope of Engagement & Rules:
- Target
- Primary Objective: Gain unauthorized mail access to the branch manager’s account.
- Secondary Objective: Extract sensitive data (PII, account details, internal memos).
- IP Range: 172.16.100.0/24 (Trust Bank’s internal network segment).
- Rules of Engagement (ROE):
  - Avoid disruption: Do not crash systems or trigger incident response unnecessarily.
  - Legal compliance: Operate under authorized red team agreements.