Latest Articles

Securing Against New Offensive Techniques Abusing Active Directory Certificate Service

SpecterOps recently released an offensive security research paper that details techniques enabling an adversary to abuse insecure functionality in Active Directory Certificate Service. SpecterOps reports that abusing the legitimate functionality of Active Directory Certificate Service will allow an adversary to forge the elements of a certificate to authenticate as any user or administrator in Active Directory. JUMPSEC has highlighted numerous changes that can be made to Active Directory Certificate Service configuration to protect the domain through a defence-in-depth approach.

July 6, 2021, dray

Overcoming Issues Using Custom Python Scripts with Burp Suite Professional

Summary / TL;DR: I recently encountered some issues when using Burp Suite Professional, which led me to play around with the Python Scripter extension. The extension allows running custom Python scripts on every request/response processed by Burp, including those generated by functionality such as Burp’s active scanner. This has a number of potential use cases, but I found it particularly useful to re-implement client-side functions that prevented the active scanner from identifying vulnerabilities it would normally detect. The extension is quite simple to use but has a somewhat steep learning curve, so I have shared some of my processes, findings and code samples, which may be useful for others in similar situations.

April 28, 2021, phil

Win a place @HackFu 2021 Community Edition!

Hello world! At JUMPSEC we’ve managed to get our hands on tickets to what is probably the greatest cyber security event in the calendar, HackFu! To be in with a chance of winning, you simply need to complete the following challenge, which you can download here (the download contains all the information needed to complete the challenge): https://drive.google.com/file/d/1WFU23lFzGtxW4U5_FPzlbM4auHSZTiGt/view?usp=sharing The deadline for submissions is 6th January 2021; we will announce the lucky winner on 8th January 2021. You don’t need to, but feel free to add a bit of detail on your submission - we love hearing about the creative ways in which people solve our challenges. To be eligible to win a HackFu ticket, you must be able to attend HackFu on Friday 29th January 2021 between 09:30 and 17:30 GMT (it is an online event due to the global pandemic) and you must be at least 18 years old. If you are the lucky winner, we will request a postal address from you so that you can receive your HackFu survival pack, which is necessary to participate. If you’re not eligible to win the tickets or are unable to attend, you are still very welcome to have a go at the challenge and even to submit your answers or ask us for some help if you get stuck - just let us know not to enter you into the prize draw.

December 21, 2020, jstester007