[email protected]      0333 939 8080

Jumpsec Labs
Jumpsec Labs

JUMPSEC LABS

The JUMPSEC Lab is a place where the the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts!  We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

Implementation and Dynamic Generation for Tasks in Apache Airflow

by Newt Tan | Nov 23, 2022 | ,

I recently worked on a project focused on log anomaly detection using manageable machine learning pipelines. The pipelines mainly include data collection --- feature extraction --- feature engineering --- detection/prediction --- updating (maintenance).  It’s important to have a solid UI to manage the pipelines so I can easily review the chain of pipelines. After much research, I found many engineers recommended Airflow.  In airflow, the core concept is the Directed Acyclic Graph (DAG). Through the implementation, I have confirmed that this is a truly powerful tool to manage the machine learning pipelines, instead of relying on shell scripts. But, I did encounter some challenges during the process and also, fortunately, found solutions for them.  The challenges can be split into two main aspects, pipeline management and dynamic generation for tasks.  Pipeline...

read more

(ZOHO) ManageEngine Desktop Central – Path Traversal / Arbitrary File Write

by tellson | Aug 2, 2022 |

Software: Zoho ManageEngine Desktop CentralAffected Versions: Before 10.0.662Vendor page: https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.htmlCVE Reference: CVE-2021-46165 & CVE-2021-46166Published: 09/01/2022CVSS 3.1 Score: 8.8 HighAttack Vector: SQL Injection / Arbitrary File WriteCredits: Tom Ellson This is the second post in our two part series on...

read more

(ZOHO) ManageEngine Desktop Central – SQL Injection / Arbitrary File Write

by tellson | Aug 2, 2022 |

Software: Zoho ManageEngine Desktop CentralAffected Versions: Before 10.0.662Vendor page: https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.htmlCVE Reference: CVE-2021-46164Published: 09/01/2022CVSS 3.1 Score: 8.8 HighAttack Vector: SQL Injection / Arbitrary File WriteCredits: Tom Ellson This is the first post in a two part series on Manage Engine Desktop...

read more

Advisory CVE-2021-41551 Leostream Connection Broker – Authenticated Zip Slip

by lrckt | Jan 26, 2022 | , ,

Software: Leostream Connection BrokerAffected Versions: 9.0.40.17Vendor page: https://leostream.com/CVE Reference: CVE-2021-41551Published: 25/01/2022Attack Vector: path traversal, authenticatedCredits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi Summary Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading a...

read more

Advisory CVE-2021-41550 Leostream Connection Broker – Authenticated Remote Code Execution

by lrckt | Jan 26, 2022 | , ,

Software: Leostream Connection BrokerAffected Versions: 9.0.40.17Vendor page: https://leostream.com/CVE Reference: CVE-2021-41550Published: 25/01/2022Attack Vector: Remote, authenticatedCredits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi Summary As the Leostream Connection Broker version: 9.0.40.17 allowed an attacker to upload any content through Third Party...

read more

PowerShell Jobs

by editor | Oct 7, 2021 | , , ,

JUMPSEC investigators recently observed an adversary weaponising PowerShell Jobs to schedule their attack whilst responding to an incident. We discuss what PowerShell Jobs are, how they can be leveraged for malicious purposes, and how defenders can protect, detect, and respond to neutralise the threat.

read more

GitHub Activity

 

Twitter

Jumpsec Labs · 4 days ago
@JumpsecLabs
Head of Defensive, Matt Lawrence is speaking at CREST's Careers advice evening tonight. Giving an overview of working in #Incidentresponse. There is a great lineup of industry experts.
Get your ticket here: ➡️ https://t.co/wLBXA6LIiw
#cybersecurity #career @CRESTadvocate https://t.co/k15dI2DoHl
View on Twitter
CREST@CRESTadvocate
Interested in working in #cybersecurity? On 1st December, CREST is hosting a careers advice evening!

📍 Online
⏰ 17:30 - 20:00 (GMT)

This is a chance to hear from experts in the industry and ask questions about career pathways. Get your free ticket 👇
https://t.co/V06OL3jXeZ https://t.co/Sgky1JqVnL
0
1
Jumpsec Labs · 2 weeks ago
@JumpsecLabs
Read our latest blog - Implementation and Dynamic Generation for Tasks in Apache Airflow tackling a number of challenges discovered along the way. And the solutions...
Read here: https://t.co/YPEYUO8U6c

#machinelearning #cybernews #labs #apache #apacheairflow https://t.co/kFYyHKX4iU
View on Twitter
3
1
Jumpsec Labs · 2 weeks ago
@JumpsecLabs
We're excited to be a sponsor @BsidesLondon 2022!
We have TWO tickets to give away.🎟️🎟️ Keep an eye 👀on our @JUMPSEC and @JumpsecLabs Twitter feed early next week to get your hands on them...🤲 Watch this space..................

#cyberSecurity #cybernews #giveaway https://t.co/lcHGSSoAiV
View on Twitter
12
12
Jumpsec Labs · 3 months ago
@JumpsecLabs
Jordan discusses how Red Teamers can abuse SharedUserData attributes to evade behavioural analysis based detection for most Anti-virus and EDR solutions.
Read here ➡️ https://t.co/O9gafp9AOA
#Offsec #Exploits #DefenceEvasion @0xLegacyy @JUMPSEC https://t.co/E5JUu8NHth
View on Twitter
5
8
Jumpsec Labs · 3 months ago
@JumpsecLabs
Part2 ManageEngine Desktop Central Application (MEDC). @tde_sec explores ways of exploiting the vulnerabilities identified. Read here ➡️ https://t.co/cvOK0dY4QU

#cybersecurity #vulnerabilities #SQL
@manageengine #cybernews https://t.co/wwv6HS8WPJ
View on Twitter
7
6
Jumpsec Labs · 4 months ago
@JumpsecLabs
Listen to @0xLegacyy recent talk on all things Red Team ➡️ https://t.co/jHCG36NxKS
#redteam #cybertips https://t.co/yBYvNkhpcV
View on Twitter
1
3

Latest from JUMPSEC

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.

Jumpsec, Unit 3E – 3F, 33 – 34 Westpoint,
Warple Way, Acton
W3 0RG

To learn more about JUMPSEC's services please get in touch:

Give us a call: 0333 939 8080

Send us a message: [email protected]

To learn more about JUMPSEC'S services please get in touch:

Give us a call: 0333 939 8080

Send us a message: [email protected]

Jumpsec, Unit 3E – 3F, 33 – 34 Westpoint,
Warple Way, Acton, W3 0RG

© JUMPSEC 2020 | Privacy Policy
JUMPSEC Ltd. is a company registered in England and Wales. Registered Address: 1 Golden Court, Richmond, Surrey, TW9 1EU. Registration Number: 08327063