Security Risk Advisors

Blog

What is Apache Struts?

Apache Struts (Struts) is an open-source framework used to create Java web applications. The great thing about Struts is that it allows developers to build powerful web applications using a well-established, portable language. …

SiteKiosk Breakout

April 4, 2017 | Posted in Red Teams by Dan Astor, Barrett Adams

Background

On an engagement last year, we were asked to perform a security review of several “HR kiosks” at various locations. These particular kiosks were located within manufacturing facilities and allowed employees without company assets to access …

Presented at BSides New Orleans, April 1, 2017

A few years ago all you needed was a 4 port switch and Kali VM to reliably bypass most controls and have domain admin in a few hours. Defenses and networks have improved and so should your red team arsena…

The Way It Was

The concept of purple teaming is not new. We’ve been doing it for years; it was just disjointed and we didn’t call it “purple” or “red and blue”. Instead, the red team “broke in” (usually walked in), perused the aisles, took what they…

Getting the GAL

August 24, 2016 | Posted in Red Teams by Barrett Adams

Background

One of the staples of any external penetration test is a single-password brute force attack against single-factor remote access portals. To start, we gather a list of likely usernames or emails (whatever the targeted portal requires) and us…