Security Risk Advisors

Blog

Getting the GAL

August 24, 2016 | Posted in Red Teams by Barrett Adams

Background

One of the staples of any external penetration test is a single-password brute force attack against single-factor remote access portals. To start, we gather a list of likely usernames or emails (whatever the targeted portal requires) and us… Continue Reading

About a year ago, we were performing a laptop hardening and configuration review at one of our financial services clients using Symantec Endpoint Protection’s (SEP) USB Device Control as part of their Data Loss Prevention solution. One way SEP keeps … Continue Reading

What is Whaling?

Spear phishing continues to be a trend amongst attackers as one of the easier ways into a company’s environment as it only takes a single user to take the bait. This can be especially troublesome when attackers begin to target high va… Continue Reading

One of the most pressing internal network security issues is limiting the ability of an attacker to perform privilege escalation. In my experience, once administrative level access is obtained to a Windows system it is trivial for an attacker to dump… Continue Reading

May 6, 2016, Philadelphia, PA – Security Risk Advisors will be presenting at the National Health ISAC & Aviation ISAC 2016 Spring Summit on May 12th, located at the Walt Disney World Swan and Dolphin in Lake Buena Vista, FL. Dave Mertz, Threats Ma… Continue Reading