Just Another Kusto Hacker – Behind the Scenes Breakdown!
Participating in the “Just Another Kusto Hacker” challenge was an incredible opportunity to push my skills with Kusto Query Language (KQL) to the next level. Winning the challenge was not just a personal milestone but also a reflection of the expertise and creativity we foster at SRA. Azure Data Explorer (ADX) is a key technology for us, powering our SCALR Sight platform and enabling us to analyze vast cybersecurity datasets to deliver actionable insights to our clients.
Coercing Authentication from a Domain System: Analyzing a New Test Case from the 2025 Threat Simulation Index
Explore the latest addition to SRA’s 2025 Threat Simulation Index: the “Coerce Authentication from Domain System” test case. This blog post delves into how tools like PetitPotam and Coercer exploit Windows RPC protocols to force domain systems into unintended authentications. Ideal for purple teams aiming to benchmark and enhance their organization’s threat resilience.
VECTR Satellite Launches in the Azure Marketplace: A Managed Service for Enhanced Threat Resilience
Security Risk Advisors is thrilled to announce the launch of VECTR Satellite in the Azure Marketplace! This milestone marks a significant step forward in empowering organizations to strengthen their cybersecurity posture through a managed platform that operates securely within the confines of an organization’s own private Azure tenant.
CrowPilot: The AI Agent that Connects Security Copilot with CrowdStrike Falcon
A good security program cannot exist without good data, and for AI platforms, like Microsoft’s Security Copilot, good data is essential to maximizing effectiveness. The diverse set of security tools owned by organizations often doesn’t natively integrate to work...
Beware of ClickFix: A Growing Social Engineering Threat
ClickFix is a rapidly evolving social engineering technique that began gaining momentum in mid-2024. By camouflaging malware delivery within fake CAPTCHA verification screens or error messages, threat actors successfully lure end users into pressing Windows+R, pasting malicious code, and executing it, often without raising immediate suspicion. This advisory examines how ClickFix operates, documents active campaigns, and provides detection strategies and mitigation recommendations.
Proposed Changes to the HIPAA Security Rule
Discover the proposed 2025 HIPAA Security Rule changes—the first major update in 20 years. Learn what’s changing, why now, and how healthcare organizations can prepare for new cybersecurity compliance requirements.
Developing Purple Team Attack Plans from Threat Intelligence
Learn how purple teams can turn threat intelligence into actionable attack plans. This guide covers scoping, TTP analysis, and building intel-based purple team exercises.
Enhancing Cloud Security with Purple Team Strategies
Enhance your cloud security with Purple Teaming strategies. Learn how to validate security controls, track improvements, and detect threats in Azure, AWS, and on-prem environments using VECTR. Discover real-world test cases, resilience metrics, and best practices to strengthen your security posture.
My Journey to Becoming a Purple Teams MC
Discover the journey from penetration testing to leading Purple Teams. Learn how collaborative Purple Team exercises bridge the gap between offensive and defensive security, improve detection and response, and foster meaningful knowledge transfer.
The Entra-nce to Tenant Maturity
SRA has developed a maturity strategy for identity and access management (IAM) in Entra ID. The goal is for our clients and readers to achieve the “Modern” maturity level and aspire to be at the “Advanced” maturity level.
SiteKiosk Breakout
Enhance your HR kiosks’ defense with our Kiosk Security Review, preventing unauthorized access and ensuring robust protection against exploits.
BSides NOLA 2017 – Your New Red Team Hardware Survival Pack
Discover the Red Team Hardware Guide from BSides NOLA 2017 for advanced security tactics and protection strategies.
Getting the GAL
Strengthen your security with Brute Force Defense strategies to protect remote access portals and detect single-password attacks effectively.
Baiting the C-Suite with Panama Paper Hysteria
Learn to navigate the Whaling Cybersecurity Threat, a high-stakes spear-phishing tactic targeting top executives, and bolster your defenses.
Using CA Process Automation to Get Command Execution as SYSTEM
Leverage CA Process Automation Exploit insights to secure port 8080 against default credential vulnerabilities and enhance network defense.
Plastic Beach: Gaining Access to CDEs
Secure PCI systems with our PCI Penetration Testing, ensuring trophy assets like CDE and PANs are protected against advanced threats.
Beaconing Past McAfee ePO
Enhance security with Advanced Threat Simulation, testing detection against sophisticated cyber threats and toolsets.
2014 Pittsburgh Security B-Sides
We recently presented at the 2014 Pittsburgh Security B-Sides on the topic of gaining physical access to facilities. From social engineering to cloning RFID badges, we discuss ways attackers can gain access as well as ways to protect your critical physical...
Social Engineering Past 2-Factor Authentication
Uncover how training gaps can render two-factor authentication flawed. Secure your network with better practices.
User Enumeration
Thwart user enumeration in web apps with our expert tips. Secure login and registration now.
FSOEP Presentation: Web Banking & Fraud: Corporate Treasury Attacks
Learn to shield corporate treasury from attacks with our FSOEP talk on robust defense strategies. Safeguard your financial systems.
Threat Intelligence Requirements
Establishing Threat Intelligence Requirements should be one of the first things organizations do when starting a Cyber Threat Intelligence (CTI) program. Requirements provide goals and objectives for CTI teams that, when met, equip stakeholders with the required knowledge that will enable teams to better protect and defend the organization.
LetItGo: A Case Study in Expired Domains and Azure AD
By identifying and purchasing an expired domain tied to an existing Azure AD organization, an anonymous attacker can use PowerBI or PowerAutomate to create an account and gain access to that organization’s tenant, including resources shared within that tenant (e.g., OneDrive, SharePoint, etc.). The attacker is effectively a “domain user” in that tenant. SRA created a tool called LetItGo that queries an organization’s domain listing and returns any domains that are expired.
Cloud Security Posture Management (CSPM): An Emerging Control in Cloud Security
Understand what Cloud Security Posture Management is, where it fits into your current program, & get insight based upon our experience.
Understanding and Preparing for the Shift to XDR
The CyberSOC model is changing, driven by cloud adoption and improvements in detection technologies on tools like Endpoint Detection and Response (EDR). Extended Detection and Response (XDR) is the realization of these changes, putting less pressure on the SIEM to...
Malware Analysis: A General Approach
TL;DR: Malware analysis has many benefits to organizations and their defenders; however, most organizations do not have processes defined for performing these actions. This post will walk through the questions that malware analysis can answer along with defining an...
SolarWinds Breach: How do we stop this from happening again?
The SolarWinds breach is perhaps one of the worst, if not the worst public hacking events in history. Much has been written on what happened, and I’m not going to regurgitate those details. There is inestimable complexity ahead for CISOs to try and identify the extent...
User Data Leaks via GIFs in Messaging Apps
An investigation into how Teams, Discord, and Signal handle Giphy integrations. When everyone is working from home, a well-timed GIF sent to...
Getting Specific with Ransomware Preparedness
Most industry ransomware guidance is focused on SMB protections for commodity malware that exploits low-hanging fruit via worming and trashing share drives and document folders. “Have good backups” is still good advice, but there is much more we can do and with more...
Automated Detection Rule Analysis with Dredd
Stay ahead in cybersecurity with Dredd: automate Sigma rule testing against Mordor datasets and IDS rules evaluation with PCAPs for robust defense.
Selective Kerberoast Prevention using DACLs
Selectively prevent Kerberoasting that uses discretionary access control lists (DACL) to limit the number of accounts that can request service tickets.
Top 5 Benefits of Implementing a GRC Tool
Discover top GRC tool benefits for streamlined audits and compliance. Enhance reporting and stakeholder relations with a unified approach.
ThreatView – August 2012 QSA vs ISA
Uncover the differences between QSA and ISA for PCI DSS compliance in our ThreatView whitepaper.
PRESS RELEASE – Security Risk Advisors Celebrates National Intern Day Everyday
A robust co-op and internship program, supported by SRA’s values and strengths, helps foster new workers in the growing cybersecurity field. Philadelphia – Security Risk Advisors (SRA), a Philadelphia-based boutique cybersecurity consulting firm, was happy to...
BSides PGH 2018 – Heavy Machinery and Burly Lumberjacks and Logging! Oh My!
Discover SRA’s Red Team SIEM strategies and tools presented at BSides PGH for efficient cyber engagement management.
PRESS RELEASE: Security Risk Advisors to Present at NH-ISAC 2018 Spring Summit
May 7, 2018, Philadelphia, PA – Security Risk Advisors will be presenting at the National Health ISAC 2018 Spring Summit on May 16th, located at the Sawgrass Marriott Golf Resort & Spa in Ponte Vedra Beach, FL. Mike Pinch, Director of Threat Management at Security...
IN THE NEWS: Why this cybersecurity firm ditched the virtual model for an office in Philly
"Things were going well for six-year-old cybersecurity firm Security Risk Advisors as a virtual company with no official HQ, said managing director Tim Wainwright. And yet Monday night, with a visit from Commerce Director Harold Epps and Councilman Derek Green,...
PRESS RELEASE: Security Risk Advisors to Present at NH-ISAC & Aviation ISAC Spring Summit 2016
May 6, 2016, Philadelphia, PA – Security Risk Advisors will be presenting at the National Health ISAC & Aviation ISAC 2016 Spring Summit on May 12th, located at the Walt Disney World Swan and Dolphin in Lake Buena Vista, FL. Dave Mertz, Threats Management Director...
PRESS RELEASE: Security Risk Advisors to Present at 2016 FS-ISAC Annual Summit
Posted in Blue Teams. April 26, 2016, Philadelphia, PA – Security Risk Advisors will be presenting at the 2016 FS-ISAC Annual Summit on May 4th, located at the Loews Miami Beach. Antonio Crespo, Consultant at Security Risk Advisors, and Vas...
Browse our Webinars
Access these virtual events on-demand and get valuable insight from our thought leaders and subject matter experts.
Get Curated Security News and Critical Vulnerability Reports
Our Threat Intelligence Gathering & Research (TIGR) team is focused on threat intelligence and curates a daily intelligence report, TIGR Threat Watch, with information collected from several industry intel sources. We also create and publish ad-hoc critical vulnerability notifications in case of critical and time-sensitive vulnerabilities or threats.




