Security Risk Advisors

Category: Red Teams

SecureWorld: Building a Mobile App Security Risk Management Program

May 24, 2012 | Posted in Red Teams by Chris Salerno

We recently co-presented a case study with Vas Rajan (CISO, INGDirect) discussing how we jointly developed a security risk management program for customer-facing mobile apps. We discussed the security risks and challenges, and a programmatic approach…

Top 5 Simple Ways I Became Domain Administrator on your Internal Network and How to Prevent them from Happening (Part 5 of 5)

May 24, 2011 | Posted in Red Teams by Chris Salerno

5. You’re still using Telnet, FTP, HTTP, [insert clear text protocol here]

Clear text protocols are all but eliminated on Internet-facing systems, but a substantial number of them still remain on internal networks. With prevalent password reuse and si…

Top 5 Simple Ways I Became Domain Administrator on your Internal Network and How to Prevent them from Happening (Part 4 of 5)

May 19, 2011 | Posted in Red Teams by Chris Salerno

4. Your network shares are sharing way too much information…to EVERYONE

Network shares are designed to do just that: share information with those who need it. The problem is that too many folders are being shared to everyone in the company and that genera…

Top 5 Simple Ways I Became Domain Administrator on your Internal Network and How to Prevent them from Happening (Part 3 of 5)

May 16, 2011 | Posted in Red Teams by Chris Salerno

3. Your remote access technology uses a blank or easily guessable password

You may be noticing a pattern by now: blank or weak passwords that lead directly to system administration. Remote administration technologies make life easier for administrato…

Top 5 Simple Ways I Became Domain Administrator on your Internal Network and How to Prevent them from Happening (Part 2 of 5)

May 12, 2011 | Posted in Red Teams by Chris Salerno

2. The local administrator password is blank or easily guessable

Once again, this one isn’t rocket science, but we still see this issue all too often. Whether it’s that third-party vendor system that no one can change the password on or an Administra…