The Macro Evolution: Bypassing Gmail’s Virus Filter and Reliably Establishing C2 Channels with Office Macros
August 10, 2017 | Posted in Red Teams by Barrett Adams
During an email phishing engagement, one of the attacks we typically use is a malicious Microsoft Office macro. For the unfamiliar, macros are bits of code embedded in Office documents. T… Continue Reading
In recent external pen tests, we have come across several Apache Struts instances that are vulnerable to a remote code execution (RCE) vulnerability. Our usual procedure for any RCE vulnerability that we are going to exploit is to upload a … Continue Reading
May 24, 2017 | Posted in PRESS RELEASE
"Things were going well for six-year-old cybersecurity firm Security Risk Advisors as a virtual company with no official HQ, said managing director Tim Wainwright.
And yet Monday night, with a visit from Commerce Director Harold Epps and Councilman De… Continue Reading
April 13, 2017 | Posted in Red Teams by Garrett Fails
What is Apache Struts?
Apache Struts (Struts) is an open-source framework used to create Java web applications. The great thing about Struts is that it allows developers to build powerful web applications using a well-established, portable language. … Continue Reading
On an engagement last year, we were asked to perform a security review of several “HR kiosks” at various locations. These particular kiosks were located within manufacturing facilities and allowed employees without company assets to access … Continue Reading