One of the staples of any external penetration test is a single-password brute force attack against single-factor remote access portals. To start, we gather a list of likely usernames or emails (whatever the targeted portal requires) and us… Continue Reading
June 29, 2016 | Posted in Purple Teams by Chris Myers
About a year ago, we were performing a laptop hardening and configuration review at one of our financial services clients using Symantec Endpoint Protection’s (SEP) USB Device Control as part of their Data Loss Prevention solution. One way SEP keeps … Continue Reading
What is Whaling?
Spear phishing continues to be a trend amongst attackers as one of the easier ways into a company’s environment as it only takes a single user to take the bait. This can be especially troublesome when attackers begin to target high va… Continue Reading
One of the most pressing internal network security issues is limiting the ability of an attacker to perform privilege escalation. In my experience, once administrative level access is obtained to a Windows system it is trivial for an attacker to dump… Continue Reading
May 6, 2016 | Posted in Blue Teams
May 6, 2016, Philadelphia, PA – Security Risk Advisors will be presenting at the National Health ISAC & Aviation ISAC 2016 Spring Summit on May 12th, located at the Walt Disney World Swan and Dolphin in Lake Buena Vista, FL. Dave Mertz, Threats Ma… Continue Reading