Security Risk Advisors

Category: Red Teams

Strutting Your Stuff - Identifying Outdated and Vulnerable Apache Struts in Your Linux Environment

April 13, 2017 | Posted in Red Teams by Garrett Fails

What is Apache Struts?

Apache Struts (Struts) is an open-source framework used to create Java web applications.  The great thing about Struts is that it allows developers to build powerful web applications using a well-established, portable language. …

SiteKiosk Breakout

April 4, 2017 | Posted in Red Teams by Dan Astor

Background

On an engagement last year, we were asked to perform a security review of several “HR kiosks” at various locations. These particular kiosks were located within manufacturing facilities and allowed employees without company assets to access …

BSides NOLA 2017 - Your New Red Team Hardware Survival Pack

April 3, 2017 | Posted in Red Teams by Chris Salerno

Presented at BSides New Orleans, April 1, 2017

A few years ago all you needed was a 4 port switch and Kali VM to reliably bypass most controls and have domain admin in a few hours. Defenses and networks have improved and so should your red team arsena…

Getting the GAL

August 24, 2016 | Posted in Red Teams by Barrett Adams

Background

One of the staples of any external penetration test is a single-password brute force attack against single-factor remote access portals. To start, we gather a list of likely usernames or emails (whatever the targeted portal requires) and us…

Baiting the C-Suite with Panama Paper Hysteria

May 24, 2016 | Posted in Red Teams by Dan Astor

What is Whaling?

Spear phishing continues to be a trend amongst attackers as one of the easier ways into a company’s environment as it only takes a single user to take the bait. This can be especially troublesome when attackers begin to target high va…