JUMPSEC LABS

The JUMPSEC Lab is a place where the the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts!  We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

Overcoming Issues Using Custom Python Scripts with Burp Suite Professional

Summary / TL:DR I recently encountered some issues when using Burp Suite Professional which led me to playing around with the Python Scripter extension. The extension allows running custom Python scripts on every request/response processed by Burp, including those generated by functionality such as Burp's active scanner. This has a number of potential use cases, but I found it particularly useful to re-implement client-side functions that prevented the active scanner from identifying vulnerabilities it would normally detect. The extension is quite simple to use but has a somewhat steep learning curve, so I have shared some of my processes, findings and code samples which may be useful for others in similar situations. Background When working on a recent client project I encountered an issue where the login functionality base64 encoded the username and password before sending it in a...

read more
Detecting known DLL hijacking and named pipe token impersonation attacks with Sysmon

Detecting known DLL hijacking and named pipe token impersonation attacks with Sysmon

Recently we posted a bunch of advisories relating to Ivanti Unified Endpoint Manager, a couple of which are for vulnerabilities which can be used to achieve local privilege escalation. We will give a brief explanation of the vulnerabilities and an example of Sysmon configuration rules to log exploitation attempts, along with the rationale behind them so you can adapt them to your existing configuration if needed.

read more

Advisory CVE-2020-13773 – Ivanti Unified Endpoint Manager Reflected XSS

Software: Ivanti Endpoint ManagerAffected Versions: <= 2020.1.1Vendor page: www.ivanti.comCVE Reference: CVE-2020-13773Published: 13/11/2020CVSS 3.1 Score: 5.5 - AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LAttack Vector: Remote, authenticatedCredits: Andrei Constantin Scutariu, Lenk Ratchakrit, Calvin Yau Summary Various web pages on Ivanti Unified Endpoint Manager web management console lack proper...

read more

Advisory CVE-2020-13774 – Ivanti Unified Endpoint Manager authenticated RCE via file upload

Improper validation on file upload functionality present in Ivanti Unified Endpoint Manager’s web management console permits an authenticated user to upload .aspx files and execute them on the MS IIS server’s context. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server.

read more

Pwning Windows Event Logging with YARA rules

The Event Log coupled with Windows Event Forwarding and Sysmon can be extremely powerful in the hands of defenders, allowing them to detect attackers every step of the way. Obviously this is an issue for the attackers. Before privilege escalation it is limited what we can do to evade event logging, but once privileges have been elevated it is an equal playing field. In the past I have released a...

read more

Defending Your Malware

Malware is an important part of an engagement, though as many security solutions are now evolving past rudimentary signature comparisons to using more advanced techniques to detect malicious activity, it is important that we as attackers understand the methods they are using and how we can avoid them. Consider the following code I wrote for example. #include <stdio.h> #include...

read more

GitHub Activity

@JumpsecLabs
JumpsecLabs made JumpsecLabs/python-burp public Apr 28, 2021

Repository containing sample scripts for use with the Python Scripter Burp Suite extension.

Python 1 Updated Apr 28

@JumpsecLabs
JumpsecLabs pushed to main in JumpsecLabs/python-burp Apr 28, 2021
1 commit to main

 

Twitter

2 weeks ago
Check out a great write-up by p.osborn on using customer python scripts in Burb:
https://t.co/v2jLr1E2eK
@JumpsecLabs @PortSwigger
6 months ago
Detecting known DLL hijacking and named pipe token impersonation attacks with Sysmon https://t.co/zaCERBG3ys #sysmon #blueteam #privesc #detection
6 months ago
Advisory CVE-2020-13773 – Ivanti Unified Endpoint Manager Reflected XSS https://t.co/gpqpRsoalK #ivanti #landesk #cve #xss
6 months ago
Advisory CVE-2020-13769 – Ivanti Unified Endpoint Manager SQL injection https://t.co/ViP2ZH2M8o #ivanti #landesk #cve #sqli
6 months ago
Advisory CVE-2020-13774 – Ivanti Unified Endpoint Manager authenticated RCE via file upload https://t.co/Qtux51SyMr #ivanti #landesk #rce #cve
6 months ago
Advisory CVE-2020-13771 – Ivanti Unified Endpoint Manager DLL search order hijacking privilege escalation https://t.co/eJK5T2K0Nd #ivanti #landesk

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.