[email protected]      0333 939 8080

Jumpsec Labs
Jumpsec Labs

JUMPSEC LABS

The JUMPSEC Lab is a place where the the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts!  We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

(ZOHO) ManageEngine Desktop Central – SQL Injection / Arbitrary File Write

by tellson | Aug 2, 2022 |

Software: Zoho ManageEngine Desktop CentralAffected Versions: Before 10.0.662Vendor page: https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.htmlCVE Reference: CVE-2021-46164Published: 09/01/2022CVSS 3.1 Score: 8.8 HighAttack Vector: SQL Injection / Arbitrary File WriteCredits: Tom Ellson This is the first post in a two part series on Manage Engine Desktop Central. All of the reported issues have since been acknowledged and resolved by Managed Engine. Summary Whilst logged in as a user who has full control over the "reporting" module within Desktop Central, an attacker could directly query the underlying Postgres DB. By default, queries are made by the "dcuser" user. This user is a database administrator and has unrestricted access to all tables and databases within the postgres instance. Therefore, this user can use the built in server side...

read more

Advisory CVE-2021-41550 Leostream Connection Broker – Authenticated Remote Code Execution

by lrckt | Jan 26, 2022 | , ,

Software: Leostream Connection BrokerAffected Versions: 9.0.40.17Vendor page: https://leostream.com/CVE Reference: CVE-2021-41550Published: 25/01/2022Attack Vector: Remote, authenticatedCredits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi Summary As the Leostream Connection Broker version: 9.0.40.17 allowed an attacker to upload any content through Third Party...

read more

PowerShell Jobs

by editor | Oct 7, 2021 | , , ,

JUMPSEC investigators recently observed an adversary weaponising PowerShell Jobs to schedule their attack whilst responding to an incident. We discuss what PowerShell Jobs are, how they can be leveraged for malicious purposes, and how defenders can protect, detect, and respond to neutralise the threat.

read more

Car Hacking – Manual Bypass of Modern Rolling Code Implementations

by 0x5c4r3 | Jul 22, 2021 | ,

Introduction I recently researched modern algorithms used by keyfobs to open cars. Since most of the blogs online talking about the topic are unfortunately quite old and in general and do not precisely describe the exact path followed in detail, nor the code used. I thought that talking about my experience could be interesting and inspiring for other researchers. I won’t go in depth on certain...

read more

GitHub Activity

 

Twitter

Jumpsec Labs · 3 hours ago
@JumpsecLabs
Listen to @0xLegacyy recent talk on all things Red Team ➡️ https://t.co/jHCG36NxKS
#redteam #cybertips https://t.co/yBYvNkhpcV
View on Twitter
1
2
Jumpsec Labs · 1 week ago
@JumpsecLabs
First in a 2-part series on ManageEngine Desktop Central, written by @tde_sec ➡️discovered multiple vulnerabilities enabling SQL Injection ➡️ https://t.co/WzW560e8Ji

#cybersecurity #vulnerabilities #SQL @manageengine https://t.co/BuTBM1DKgP
View on Twitter
2
8
Jumpsec Labs · 4 weeks ago
@JumpsecLabs
Delighted to be supporting @BSidesBSK its shaped up to be an inspiring day.

#Cyberevent #cybersecurity https://t.co/qrzHuuGxxD
View on Twitter
1
4
Jumpsec Labs · 7 months ago
@JumpsecLabs
We're hiring! Get in touch for a chat!
https://t.co/GzV3I06k4F
#cybersecurity #hiring #softwareengineer #consultants
View on Twitter
4
4
Jumpsec Labs · 9 months ago
@JumpsecLabs
How can you investigate an incident if the logs have been deleted by an attacker?! 🙉😟

In our latest article, Dray ( @Purp1eW0lf) offers some digital forensics techniques you can use when the Windows event logs have been wiped! 🕵️‍♂️🕵️‍♀️

https://t.co/g4z12irzQB
View on Twitter
6
26
Jumpsec Labs · 9 months ago
@JumpsecLabs
Big thanks to the tech team for creating an awesome #CTF A great few days of saving the world and being back together.Check it out ...
#cyberevent #cybernews #cyber @JUMPSEC https://t.co/RMgsOtUTo3
View on Twitter
JUMPSEC@JUMPSEC
Awesome three days of team building and challenges for the JUMPSEC team!

It was great to finally get together, face to face, and enjoy some time away with the company as a whole.

Check it out below!

#CyberSecurity #teambuilding #event https://t.co/xUsY7NHPeW
0
6

Latest from JUMPSEC

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.

Jumpsec, Unit 3E – 3F, 33 – 34 Westpoint,
Warple Way, Acton
W3 0RG

To learn more about JUMPSEC's services please get in touch:

Give us a call: 0333 939 8080

Send us a message: [email protected]

To learn more about JUMPSEC'S services please get in touch:

Give us a call: 0333 939 8080

Send us a message: [email protected]

Jumpsec, Unit 3E – 3F, 33 – 34 Westpoint,
Warple Way, Acton, W3 0RG

© JUMPSEC 2020 | Privacy Policy
JUMPSEC Ltd. is a company registered in England and Wales. Registered Address: 1 Golden Court, Richmond, Surrey, TW9 1EU. Registration Number: 08327063