
Operationalizing ShotHound to Enhance Active Directory Resilience
It’s not just about Ransomware. In 2022, it’s difficult not to grasp the severe and pervasive nature of ransomware. With malicious emails up 600% in 2021 due to the pandemic and...

Security Best Practices Amid Geopolitical Crisis
During times of geopolitical conflict, it can be easy to direct your attention to the trending “IOCs of the day”, and many media outlets will take advantage of the crisis to feed...

LetItGo: A Case Study in Expired Domains and Azure AD
By identifying and purchasing an expired domain tied to an existing Azure AD organization, an anonymous attacker can use PowerBI or PowerAutomate to create an account and gain access to that organization’s tenant, including resources shared within that tenant (e.g., OneDrive, SharePoint, etc.). The attacker is effectively a “domain user” in that tenant. SRA created a tool called LetItGo that queries an organization’s domain listing and returns any domains that are expired.

This Traversal had a Face for Radio (CVE-2020-17383)
Quick Seek Mode – TL;DR: An interesting directory traversal was identified by SRA during an external penetration test for one of our clients. In addition to the standard checks...

Cloud Security Posture Management (CSPM): An Emerging Control in Cloud Security
Understand what a CSPM is, where it fits into your current program, as well as some insights based upon our experience.

PRESS RELEASE: Security Risk Advisors Adds Ignacio Calles as CFO
Philadelphia, PA - Security Risk Advisors (SRA), a cybersecurity consulting and software firm, is proud to announce the recent hire of new Chief Financial Officer, Ignacio...

Listen to the Cyber Kumite Podcast and Video Series
Each week we deliver new discussions about the cybersecurity industry, challenges, and best practices. CISOs and other security specialists join us to bring their insight on each topic.