The JUMPSEC Lab is a place where the the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts!  We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

Advisory: IDOR in Microsoft Teams Allows for External Tenants to Introduce Malware

TL;DR Max Corbridge (@CorbridgeMax) and Tom Ellson (@tde_sec) of JUMPSEC’s Red Team recently discovered a vulnerability in the latest version of Microsoft Teams which allows for the possible introduction of malware into any organisations using Microsoft Teams in its default configuration. This is done by bypassing client-side security controls which prevent external tenants from sending files (malware in this case) to staff in your organisation. JUMPSEC has detailed remediation options, as well as some detection opportunities.  Introduction Introducing malware into target organisations is becoming increasingly difficult. Many of the traditional payload types (.exe, Office Macros, etc) are now heavily-scrutinised or have been proactively addressed to reduce their efficacy. Similarly, payload delivery avenues such as phishing are becoming increasingly monitored and secured to reduce the...

read more

Hunting for ‘Snake’

Following the NCSC and CISA’s detailed joint advisory on the highly sophisticated ‘Snake’ cyber espionage tool, JUMPSEC threat intelligence analysts have provided a condensed blueprint for organisations to start proactively hunting for Snake within their network, contextualising key Indicators of Compromise (IoC), and providing additional methods to validate the effectiveness of Snake...

read more

Advisory CVE-2023-30382 – Half-Life Local Privilege Escalation

Software: Half-Life Affected versions: Latest (<= build 5433873), at the time of writing Vendor page: www.valvesoftware.com CVE Reference: CVE-2023-30382 Published: 23/05/2023 CVSS 3.1 Score: 8.2 AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H Attack Vector: Local Credit: Ryan Saridar Summary An attacker can leverage a stack-based buffer overflow via Half-Life’s command line arguments to compromise the...

read more

Advisory CVE-2022-37832 – Mutiny Network Monitoring Appliance hardcoded credentials

Software: Mutiny Network Monitoring Appliance Affected versions: <= 7.2.0-10855 Vendor page: www.mutiny.com CVE Reference: CVE-2022-37832 Published: 16/12/2022 CVSS 3.1 Score: 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Attack Vector: Network Credit: Ryan Saridar Summary An attacker can log in as root remotely to the appliance via SSH. Mitigation Upgrade to version 7.2.0-10855 onwards to...

read more

Online Machine Learning: how to integrate user feedback

When designing and implementing a machine learning model, ensuring it is continually updated is a challenge that all engineers encounter.  In this article, I explore the online machine learning technique that I used during a project and present how it was implemented for effective results. Choosing a machine learning method Machine learning solutions can be mainly split into offline and...

read more

Implementation and Dynamic Generation for Tasks in Apache Airflow

I recently worked on a project focused on log anomaly detection using manageable machine learning pipelines. The pipelines mainly include data collection --- feature extraction --- feature engineering --- detection/prediction --- updating (maintenance).  It’s important to have a solid UI to manage the pipelines so I can easily review the chain of pipelines. After much research, I found many...

read more

QUEST KACE Desktop Authority Pre-Auth Remote Code Execution (CVE-2021-44031)

Software: QUEST KACE Desktop AuthorityAffected Versions: 11.1 and earlier. Vendor page: https://www.quest.com/products/kace-desktop-authority/CVE Reference: CVE-2021-44031Published: 19/11/2021CVSS 3.1 Score: 9.8 CriticalAttack Vector: Pre-authenticated Remote Code ExecutionCredits: Tom Ellson JUMPSEC recently discovered multiple vulnerabilities in Quest KACE Desktop Authority 11.1. This is an...

read more

Abusing SharedUserData For Defense Evasion and Exploitation

Over the past few weeks, I have been working on a custom packer in my spare time. In doing so, I needed to create a method of delaying execution within the unpacker stub that didn’t use any pre-defined functions. This post documents what I discovered during this project as well as some future plans I have for this method. What is SharedUserData and Why does it exist?_KUSER_SHARED_DATA...

read more

GitHub Activity




The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.