The JUMPSEC Lab is a place where the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts! We love what we do and are passionate about security. With some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

Running Once, Running Twice, Pwned! Windows Registry Run Keys


The Windows registry is a vast and complex topic and cannot be understood and defended in one article. One particular area of interest from a security perspective is registry run keys. In this article, we discuss who uses them, how to uncover abuse, and how to eradicate evil from them.


Car Hacking – Manual Bypass of Modern Rolling Code Implementations

Introduction: I recently researched modern algorithms used by keyfobs to open cars. Most of the blogs online talking about the topic are unfortunately quite old and in general do not precisely describe the exact path followed in detail, nor the code used, so I thought that talking about my experience could be interesting and inspiring for other researchers. I won’t go in depth on certain...



By Dray Agha. The infosec community has been busy dissecting the PrintNightmare exploit. There are now variations of the exploit that can have various impacts on a target machine. When we at JUMPSEC saw that Lares had captured some network traffic of the PrintNightmare exploit in action, I wondered if there was an opportunity to gather network-level IoCs...


Securing against new offensive techniques abusing active directory certificate service

SpecterOps recently released an offensive security research paper that details techniques enabling an adversary to abuse insecure functionality in Active Directory Certificate Service. SpecterOps reports that abusing the legitimate functionality of Active Directory Certificate Service will allow an adversary to forge the elements of a certificate to authenticate as any user or administrator in...


Overcoming Issues Using Custom Python Scripts with Burp Suite Professional

Summary / TL;DR: I recently encountered some issues when using Burp Suite Professional which led me to playing around with the Python Scripter extension. The extension allows running custom Python scripts on every request/response processed by Burp, including those generated by functionality such as Burp's active scanner. This has a number of potential use cases, but I found it particularly...


Win a place @HackFu 2021 Community Edition!

Hello world! At JUMPSEC we’ve managed to get our hands on tickets to what is probably the greatest cyber security event in the calendar, HackFu! In order to be in with a chance of winning you simply need to complete the following challenge which you can download here (the download contains all the information needed to complete the challenge):...


Detecting known DLL hijacking and named pipe token impersonation attacks with Sysmon

Recently we posted a bunch of advisories relating to Ivanti Unified Endpoint Manager, a couple of which are for vulnerabilities which can be used to achieve local privilege escalation. We will give a brief explanation of the vulnerabilities and an example of Sysmon configuration rules to log exploitation attempts, along with the rationale behind them so you can adapt them to your existing configuration if needed.


Advisory CVE-2020-13773 – Ivanti Unified Endpoint Manager Reflected XSS

Software: Ivanti Endpoint Manager
Affected Versions: <= 2020.1.1
Vendor page: www.ivanti.com
CVE Reference: CVE-2020-13773
Published: 13/11/2020
CVSS 3.1 Score: 5.5 - AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Attack Vector: Remote, authenticated
Credits: Andrei Constantin Scutariu, Lenk Ratchakrit, Calvin Yau

Summary: Various web pages on Ivanti Unified Endpoint Manager web management console lack proper...



The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and/or activities related to the material contained within this website are solely your responsibility.