Security Risk Advisors

Blog

Background

During an email phishing engagement, one of the attacks we typically use is a malicious Microsoft Office macro. For the unfamiliar, macros are bits of code embedded in Office documents. T… Continue Reading

A Smaller, Better JSP Web Shell

July 25, 2017 | Posted in Red Teams by Barrett Adams

Background

In recent external pen tests, we have come across several Apache Struts instances that are vulnerable to a remote code execution (RCE) vulnerability. Our usual procedure for any RCE vulnerability that we are going to exploit is to upload a … Continue Reading

"Things were going well for six-year-old cybersecurity firm Security Risk Advisors as a virtual company with no official HQ, said managing director Tim Wainwright.

And yet Monday night, with a visit from Commerce Director Harold Epps and Councilman De… Continue Reading

What is Apache Struts?

Apache Struts (Struts) is an open-source framework used to create Java web applications.  The great thing about Struts is that it allows developers to build powerful web applications using a well-established, portable language. … Continue Reading

SiteKiosk Breakout

April 4, 2017 | Posted in Red Teams by Dan Astor, Barrett Adams

Background

On an engagement last year, we were asked to perform a security review of several “HR kiosks” at various locations. These particular kiosks were located within manufacturing facilities and allowed employees without company assets to access … Continue Reading