Latest Articles

Car Hacking - Manual Bypass of Modern Rolling Code Implementations

Introduction: I recently researched modern algorithms used by keyfobs to open cars. Since most of the blogs online talking about the topic are unfortunately quite old and, in general, do not precisely describe the exact path followed in detail, nor the code used, I thought that talking about my experience could be interesting and inspiring for other researchers. I won’t go in depth on certain topics and I will assume that the reader has a general background in basic signals theory and is comfortable with terms like radio frequencies, gain, filters…

July 22, 2021, 0x5c4r3

Obfuscating C2 During a Red Team Engagement

By shd Red Team and Magicians… 1. What is Command and Control: Command-and-Control (C2) infrastructure is one of the most important tools in a red teamer’s arsenal. In this article, we introduce a few simple methods that red teams use to harden their C2 infrastructure. C2 comes in various forms, but regardless they all share a basic function: they allow the red teamer (or threat actor) to communicate with a compromised machine. During an offensive campaign, testers may accumulate a number of compromised machines, but it can be difficult and overwhelming to maintain, orchestrate, and control them in large numbers. On top of this, to guarantee the campaign’s longevity, malicious communications back and forth to the compromised machine must be secure, obfuscated, and reliable, adding a further layer of complexity.

July 16, 2021, Patryk Zajdel

PRINTNIGHTMARE NETWORK ANALYSIS

By Dray Agha. The infosec community has been busy dissecting the PrintNightmare exploit. There are now variations of the exploit that can have various impacts on a target machine. When we at JUMPSEC saw that Lares had captured some network traffic of the PrintNightmare exploit in action, I wondered if there was an opportunity to gather network-level IoCs and processes that could offer defenders unique but consistent methods of detection across the various exploits.

July 7, 2021, dray