JUMPSEC LABS

The JUMPSEC Lab is a place where the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts! We love what we do and are passionate about security. With some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

A Closer Look at Microsoft’s Latest Email Security Requirements – Tooling Release Included!

Email remains one of the most consistently targeted attack surfaces in cyber security. Despite evolving defences, phishing, spoofing, and impersonation attacks continue to be effective, largely due to gaps in how organisations authenticate the email they send. The frontline of defence? A triad of DNS-based protocols: SPF, DKIM, and DMARC. SPF (Sender Policy Framework) allows domain owners to define which mail servers are authorised to send on their behalf. DKIM (DomainKeys Identified Mail) ensures email integrity by attaching cryptographic signatures to outgoing messages. DMARC (Domain-based Message Authentication, Reporting and Conformance) enables domain owners to instruct how unauthenticated mail should be handled, and provides reporting for monitoring abuse. These mechanisms have long been recommended, but enforcement across the email ecosystem has been inconsistent in our...

Ranking MFA Methods – From Least to Most Secure

My Perspective on MFA Security

In an era of relentless cyber threats, multi-factor authentication (MFA) has become a cornerstone of modern security practices, adding an extra layer of protection beyond traditional passwords. It’s a widely used defence that strengthens account security and helps prevent unauthorised access. But while MFA is a crucial security measure, it’s not a silver bullet....

Bring Your Own Trusted Binary (BYOTB) – BSides Edition

Recently, I presented a talk on the main stage at BSides London 2024 and the topic I chose to present on was in regards to bringing trusted binaries to a system and using them in an adversarial fashion. This post will cover what I presented and how to use these binaries in detail. If you would also like a copy of the slides they can be found here. My talk was mainly focused on binaries that...

TokenSmith – Bypassing Intune Compliant Device Conditional Access

Conditional Access Policies (CAPs) are the core of Entra ID’s perimeter defense for the vast majority of Enterprise Microsoft 365 (M365) and Azure environments. The core ideas of conditional access are:

a. Require specific auth strength in scenarios where you wish to grant access
b. Block access in undesirable scenarios
c. If a scenario is covered by neither a nor b, then the minimal auth strength...

BCP, as easy as ABC?

A Business Continuity Plan (BCP) is a strategic playbook created to help an organisation maintain or quickly resume business functions in the face of disruption. (Pratt, Tittel, Lindros, 2023) Be honest now. Who really has a truly effective Business Continuity Plan in 2024? Not the compliance-driven plan that has not been reviewed or tested properly for years. Or the “oh no, this supplier...

Weaponize Your Word – Malicious Template Injection

Historically, files sent via email have been a common initial access technique employed by threat actors. Personally, I have seen emails containing malware prove effective, and in the case of an IR (Incident Response) involving a malware infection, it would be one of the first places I would look to identify the source of compromise. There are...

Breaking into Libraries – DLL Hijacking

Many of us have likely encountered DLL errors when trying to open Windows applications. If you were like my younger self, you might have naively downloaded a missing DLL from sites like dll-files.com and placed it in the application directory without giving it a second thought. This blog post will examine the risks associated with this approach. Dynamic...

Active Cyber Defence – Taking back control

Every good cybersecurity article needs a Sun Tzu quote; here is one lesser-known quote from Sun Tzu to start us off.

What Happened?

Recently, JUMPSEC’s Detection and Response Team (DART) caught a Red Team inside one of our MxDR clients' networks using a honeypot server. The honeypot server was set up using Thinkst Applied Research’s project called OpenCanary. This open-source project...

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and/or activities related to the material contained within this website are solely your responsibility.