Using Purple Teams to Set Detection Engineering Priorities
Purple Teams play a crucial role in enhancing detection engineering efforts by combining the offensive expertise of red teams with the defensive strategies and knowledge of blue teams. By leveraging the insights gained from simulating real-world attacks, organizations can identify detection opportunities and prioritize their engineering efforts.
Just Another Kusto Hacker – Behind the Scenes Breakdown!
Participating in the “Just Another Kusto Hacker” challenge was an incredible opportunity to push my skills with Kusto Query Language (KQL) to the next level. Winning the challenge was not just a personal milestone but also a reflection of the expertise and creativity we foster at SRA. Azure Data Explorer (ADX) is a key technology for us, powering our SCALR Sight platform and enabling us to analyze vast cybersecurity datasets to deliver actionable insights to our clients.
Coercing Authentication from a Domain System: Analyzing a New Test Case from the 2025 Threat Simulation Index
Explore the latest addition to SRA’s 2025 Threat Simulation Index: the “Coerce Authentication from Domain System” test case. This blog post delves into how tools like PetitPotam and Coercer exploit Windows RPC protocols to force domain systems into unintended authentications. Ideal for purple teams aiming to benchmark and enhance their organization’s threat resilience.
VECTR Satellite Launches in the Azure Marketplace: A Managed Service for Enhanced Threat Resilience
Security Risk Advisors is thrilled to announce the launch of VECTR Satellite in the Azure Marketplace! This milestone marks a significant step forward in empowering organizations to strengthen their cybersecurity posture through a managed platform that operates securely within the confines of an organization’s own private Azure tenant.
CrowPilot: The AI Agent that Connects Security Copilot with CrowdStrike Falcon
A good security program cannot exist without good data, and for AI platforms, like Microsoft’s Security Copilot, good data is essential to maximizing effectiveness. The diverse set of security tools owned by organizations often don’t natively integrate to work...
Beware of ClickFix: A Growing Social Engineering Threat
ClickFix is a rapidly evolving social engineering technique that began gaining momentum in mid-2024. By camouflaging malware delivery within fake CAPTCHA verification screens or error messages, threat actors successfully lure end users into pressing Windows+R, pasting malicious code, and executing it, often without raising immediate suspicion. This advisory examines how ClickFix operates, documents active campaigns, and provides detection strategies and mitigation recommendations.
Proposed Changes to the HIPAA Security Rule
Discover the proposed 2025 HIPAA Security Rule changes—the first major update in 20 years. Learn what’s changing, why now, and how healthcare organizations can prepare for new cybersecurity compliance requirements.
Developing Purple Team Attack Plans from Threat Intelligence
Learn how purple teams can turn threat intelligence into actionable attack plans. This guide covers scoping, TTP analysis, and building intel-based purple team exercises.
Enhancing Cloud Security with Purple Team Strategies
Enhance your cloud security with Purple Teaming strategies. Learn how to validate security controls, track improvements, and detect threats in Azure, AWS, and on-prem environments using VECTR. Discover real-world test cases, resilience metrics, and best practices to strengthen your security posture.
My Journey to Becoming a Purple Teams MC
Discover the journey from penetration testing to leading Purple Teams. Learn how collaborative Purple Team exercises bridge the gap between offensive and defensive security, improve detection and response, and foster meaningful knowledge transfer.
Why Red? Why Purple? A NIST CSF View
Red and Purple Teaming serve distinct purposes, and we think NIST CSF backs us up on that. We outline why we believe in starting with Purple Teams to validate Protect...
Updated Results from the MITRE ATT&CK Endpoint Detection and Response Evaluation
Explore MITRE’s EDR tool evaluations for APT3 threat detection, featuring top performers like CrowdStrike and new entrants FireEye and Cybereason. Detailed results at SRA.
New Health Industry Cybersecurity Practices (HICP) Guidance Released: What You Need to Know
Explore HPH SCC’s new cybersecurity guidance for healthcare, offering a prescriptive approach to enhance industry-wide security practices.
Open Letter to the FDA
This blog post contains a copy of the questions and comments we’ve submitted to the FDA regarding their latest Medical Device Cyber Security Pre-Market Guidance draft (Link Here). In our previous blog post, we provided an overview of the draft. We believe that...
FDA Pre-Market Medical Device Draft Guidance Review
FDA’s draft guidance on medical device cybersecurity could revolutionize industry practices for manufacturers and healthcare providers.
Creating a Project Sonar FDNS API with AWS
Learn to harness Rapid7’s Project Sonar for cybersecurity with our guide on creating an HTTP API to query internet-wide scan data, using AWS services.
Automating Payload Servers with AWS CodePipeline
Explore how AWS CI/CD tools can streamline offensive security operations with a payload server build pipeline, from code to delivery.
Finding and Decoding Big-IP and Netscaler Cookies with Burp Suite
Uncover the risks of ADC cookie leaks and secure your load balancing with SRA’s Load Balancer Cookie Scanner extension.
BSides PGH 2018 – Heavy Machinery and Burly Lumberjacks and Logging! Oh My!
Discover SRA’s Red Team SIEM strategies and tools presented at BSides PGH for efficient cyber engagement management.
BSides Philly 2017 – MFA: It’s 2017 and You’re Still Doing It Wrong
SRA unveils MFA best practices at BSides Philly. Learn to secure remote access and avoid common pitfalls. Watch on YouTube, slides on Slideshare.
New Vulnerability, Same Old Tomcat: CVE-2017-12617
Exploit Tomcat’s CVE-2017-12617 with our Metasploit module for remote code execution. Elevate pentests with System access. Get it on GitHub.
Peripheral Pwnage: Mousejacking 2.4 GHz Input Devices
Explore advanced penetration testing methods beyond Responder, including mousejacking wireless peripherals for initial domain access.
The Macro Evolution: Bypassing Gmail’s Virus Filter and Reliably Establishing C2 Channels with Office Macros
Learn how a malicious Office macro can automate tasks and be abused in phishing attacks, despite multiple defensive layers. Protect against this threat.
A Smaller, Better JSP Web Shell
Discover our JSP Web Shell for RCE on Apache Struts, enabling command execution and file uploads within 1 KB, even on limited servers.
Strutting Your Stuff – Identifying Outdated and Vulnerable Apache Struts in Your Linux Environment
Use our Struts Vulnerability Scanner to detect and manage Apache Struts flaws, ensuring your Java web apps are secure against known exploits.
The Perniciousness of Emotet and Banking Trojans
Guard against Emotet, the banking trojan that steals data and credentials. Learn how to protect your organization from such cyberattacks.
Purple Teams and Threat Resilience Metrics
This article covers how a Purple Team process done correctly can: Be documented and organized using the free VECTR.io platform (https://vectr.io) and align to MITRE ATT&CK Generate quantitative success defense metrics more meaningful than existing hygiene and...
A Closer Look at MITRE ATT&CK Evaluation Data
MITRE ATT&CK’s first endpoint security evaluations of APT-3 reveal key insights into vendor performance and detection capabilities.
The Return of OLE Exploit Delivery: CVE-2018-8174
CVE-2018-8174 “Double Kill” exploit targets Office OLE. Learn how to block attacks and secure your system against unauthorized code execution.
Purple Teaming: How to Approach it in 2017
Enhance cyber defense with Collaborative Purple Teaming, a proven strategy from Security Risk Advisors for measurable security improvements.
SEP USB Device Control – The Cheetah and The Hare
Discover how to combat the USB Security Flaw and protect sensitive data from unauthorized USB device copying with effective remediation steps.
Beaconing Past McAfee ePO
Enhance security with Advanced Threat Simulation, testing detection against sophisticated cyber threats and toolsets.
FSOEP Presentation: Web Banking & Fraud: Corporate Treasury Attacks
Learn to shield corporate treasury from attacks with our FSOEP talk on robust defense strategies. Safeguard your financial systems.
Understanding and Applying Vector Databases to Supercharge your SOC with AI & Copilot for Security
Discover how Azure AI Search integration enhances threat intelligence with vector databases in Copilot for Security.
Building a Copilot for Security Custom NetFlow Plugin
We’ve built a custom Copilot for Security plugin that takes advantage of network flow data. It uses the power of Copilot for Security to extract the exact time and IP address of a host involved in a security incident, then retrieves, summarizes, and analyzes the NetFlow data within 30 minutes on either side of the first noted malicious event to determine whether there was potential for lateral movement or other key indicators of attack. This gives insight into whether an attacker may have attempted to move laterally on your network, and if so where, and using which protocols.
Build: Azure Sentinel – Automated Evidence Storage Folders
Azure Sentinel has evolved into an excellent SIEM platform that we operate, tune, and optimize for many of our clients. One of the top features that differentiates Sentinel is that it is truly cloud native, fully exposing its data and functionality for use with all the other capabilities in Azure. I see the sky as the limit when it comes to creatively augmenting Sentinel with valuable features and functionality.
Getting Started in Cyber Physical System Security Defense
TL;DR – The best way to get started with Cyber Physical System Defense is to create a defense plan, collect asset inventory, and begin implementing monitoring infrastructure. These steps are all much easier said than done. Let's say you just found out that your...
S4x23 SBOM Challenge: Post-Conference Update
If you really need one, here’s the TL;DR – The SBOM market is emerging. Asset owners are unsure if they want them, and suppliers/OEMs are either considering adoption, have already adopted, or have a “shoo fly” mentality (for now). The “SBOM Challenge” was well...
Developing SBOM as a Capability
S4x23 Presents: SBOMs Galore
It seemed like a week didn’t go by in 2022 without the mention of Software Bill of Materials (SBOM) in our newsfeeds, from a client, or from a colleague, so the announcement that S4x23 would feature an SBOM challenge piqued our interest....
Using Tabletop Exercises to Strengthen OT Security Maturity
If you are part of an organization grappling with how to secure your Operational Technology (OT) environment, you are not alone. Let’s start with the basics: Do you have an Incident Response Plan (IRP) that includes your OT environments and assets? Hint: the...
CS-Paralyzer: CrowdStrike EDR Impairment and Detections for Your Team
Summary
In December 2022 we assisted with an incident response investigation where the threat actor was successful in stealthily impairing an EDR agent with malware called “CS-Paralyzer”. In this incident, CrowdStrike was the target EDR and the attack disabled the EDR...
Save Budget and Improve Your Logging and Monitoring Capabilities
In budget-tightening times, a security data pipeline can greatly reduce your SIEM costs and increase log efficiency. SRA has implemented this new approach for many of our clients, helping them realize significant savings by reducing log size and volume ingested by...
Threat Intelligence Requirements
Establishing Threat Intelligence Requirements should be one of the first things organizations do when starting a Cyber Threat Intelligence (CTI) program. Requirements provide goals and objectives for CTI teams that, when met, equip stakeholders with the required knowledge that will enable teams to better protect and defend the organization.
Trends in Third-Party and Vendor Risk Management
Enhance TP/VRM with SRA’s methodology for risk profiling, efficient assessments, and continuous monitoring to secure vendor relationships.
Business Implications of the CLOUD Act
New U.S. CLOUD Act governs access to overseas data, impacting businesses with cross-border data storage. Learn the implications for your company.
Insurance Sales Agent Module Design wins AAA NCNU and Security Risk Advisors GRC team Archer Platinum Innovation award
Discover insights from the Archer User Summit, where global Archer professionals unite to innovate and share success stories.
Highlights of Archer Version 5.5 Service Pack 3
Explore the top Archer 5.5 enhancements, including session timeout alerts and bug fixes for a smoother user experience.
Save time by using Archer-to-Archer data feeds to populate Finding application records
A useful feature of Archer is the ability to automatically generate findings from compliance or risk assessment questionnaires when questions are answered incorrectly (which may indicate that an expected control is not in place). The screenshot below depicts such a...
Getting Started with Business Continuity Management in the RSA Archer GRC tool
Streamline business continuity with Archer BCM Transition, ensuring automated, repeatable processes for robust GRC integration.
Custom employee review process takes advantage of RSA Archer’s In-Line Editing capability
Streamline performance reviews with Archer In-Line Editing, enhancing efficiency across branches in real-time analysis.
RSA Archer: Think “objectives” instead of core modules
Optimize Archer for specific use case objectives to streamline compliance, risk management, and recovery processes.
Securing the Point of Sale Device
Protect against a POS security breach with P2PE-HW principles. Encrypt CHD at swipe and secure key management.
Streamline PCI compliance with a GRC Tool
Ease PCI DSS compliance with a GRC tool. Streamline assessments and enhance security. Contact info@sra.io for solutions.
PRESS RELEASE: SRA Announces Partnership with the International Rescue Committee, Offers SCALR XDR Pro Bono
Philadelphia, PA: Cybersecurity firm, Security Risk Advisors (SRA), has partnered with the International Rescue Committee (IRC) to provide 24x7x365 cybersecurity monitoring services through its SCALR™ XDR solution at no cost. The International Rescue Committee (IRC)...
PRESS RELEASE: Security Risk Advisors Adds Ignacio Calles as CFO
Philadelphia, PA ---Security Risk Advisors (SRA), a cybersecurity consulting and software firm, is proud to announce the recent hire of new Chief Financial Officer, Ignacio Calles. SRA specializes in providing clients with ethical hacking, cyber defense engineering...
PRESS RELEASE: SRA Adds Mamani Older as Director
Philadelphia, PA - Security Risk Advisors is proud to announce the recent hire of a new director, Mamani Older of Westchester, NY. Older will serve on SRA’s executive leadership team overseeing the direction and operations of the consulting firm that specializes in...
PRESS RELEASE – SRA Designated as a Distinguished Vendor by TAG Cyber Security
Philadelphia, PA – April 16, 2021 – Security Risk Advisors, an industry leader in cyber security consulting and CyberSOC, is proud to announce its designation as a Distinguished Vendor in this year’s Second Quarter 2021 TAG Cyber Security Quarterly. The TAG Cyber...
PRESS RELEASE – Security Risk Advisors creates scholarships for RIT’s Cybersecurity Bootcamp program
Security Risk Advisors is proud to announce the creation of the SRA Next Gen Cybersecurity Scholarships. Through the scholarships, SRA is offering $25,000 for underrepresented professionals looking to enter the cyber workforce through RIT’s Cybersecurity Bootcamp program.
PRESS RELEASE – Security Risk Advisors Announces Expansion in Philadelphia and a New Office in Rochester, NY
For Immediate Release: Wednesday, June 19, 2019 Contact: Amanda Larsen | amanda.larsen@sra.io | (401) 743-6926 SECURITY RISK ADVISORS ANNOUNCES EXPANSION IN PHILADELPHIA AND A NEW OFFICE IN ROCHESTER, NY Cybersecurity and Risk Management...
PRESS RELEASE – Empire State Development Announces Investment in Security Risk Advisors Move to Rochester
For Immediate Release: Tuesday, June 18, 2019 Contact: Shari Voorhees-Vincent | Shari.Voorhees-Vincent@esd.ny.gov | (585) 399-7055 Press Office | pressoffice@esd.ny.gov | (800) 260-7313 EMPIRE STATE DEVELOPMENT ANNOUNCES INVESTMENT IN SECURITY RISK ADVISORS...
PRESS RELEASE – Security Risk Advisors Teammates Chose Non-profits to Receive $120,000 of Donations in 2018
Philadelphia ---Security Risk Advisors (SRA), a Philadelphia-based cybersecurity consulting firm, is proud to report that our teammates chose the 78 non-profit organizations to receive $120,000 of SRA’s charitable giving in 2018. One of SRA’s values is 'It's Personal'....
PRESS RELEASE – Security Risk Advisors Chosen for 2018 Philadelphia 100 Award
Philadelphia --- Security Risk Advisors (SRA), a Philadelphia-based boutique cybersecurity consulting firm, was named a Philadelphia 100 Award Winner. Philadelphia 100 Awards go to the top 100 fastest growing, privately-held companies in the Philadelphia region. The...
PRESS RELEASE – Security Risk Advisors Celebrates National Intern Day Everyday
A robust co-op and internship program, supported by SRA’s values and strengths, helps foster new workers in the growing cybersecurity field. Philadelphia ---Security Risk Advisors (SRA), a Philadelphia-based boutique cybersecurity consulting firm, was happy to...