Latest Articles

Active Cyber Defence - Taking back control

Every good cybersecurity article needs a Sun Tzu quote, so here is one lesser-known quote from Sun Tzu to start us off. What Happened? Recently, JUMPSEC’s Detection and Response Team (DART) caught a Red Team inside one of our MxDR clients’ networks using a honeypot server. The honeypot server was set up using Thinkst Applied Research’s project called OpenCanary. This open-source project from Thinkst emulates different network protocols and, when interacted with, creates an alert providing information to the defensive team, such as the source of the request.


October 15, 2024, Umair Qamar

NTLM Relaying - Making the Old New Again

I am old enough to remember that it was not always possible to get domain admin within the first hour of a test via Active Directory Certificate Services (ADCS) misconfigurations or over-permissioned SCCM NAA accounts. At present we are spoilt for choice in regards to privilege escalation vectors within on-premise AD environments, but I wanted to take a look at some of the other misconfigurations that proved to be fruitful before the advent of ADCS and SCCM and continue to land me quick wins on engagements, such as:


September 17, 2024, David Kennedy

Building Forensic Expertise: A Two-Part Guide to Investigating a Malicious USB Device (Part 2)

In this Part 2, we’ll walk you through the step-by-step process of setting up and conducting a Digital Forensics and Incident Response (DFIR) investigation using a virtual machine (VM). We’ll cover everything from configuring the VM to ensure it’s completely isolated, to tackling the challenges of USB passthrough with a write blocker. You’ll also learn about the risks of using public threat intelligence platforms like VirusTotal and discover alternative methods for secure file analysis.


September 11, 2024, Emilia Chau