Latest Articles

Building Forensic Expertise: A Two-Part Guide to Investigating a Malicious USB Device (Part 1)

JUMPSEC believes heavily in learning and developing through real-world experience. The incident described in this blog post presented a fantastic opportunity for 3 junior team members to learn first-hand how to conduct, report and respond to an incident investigation. This blog post is split into two parts: Part 1 focuses on the prerequisites and preparation work done before kicking off the investigation, such as explaining the forensic principles used in the investigation, how the evidence is preserved and introducing the tools deployed. Part 2 emphasises how we utilise the tools to conduct the investigation and how we assemble all the available evidence to conclude the investigation.


August 28, 2024, Emilia Chau

Adversary at the Door - Initial Access and what's currently on the menu

Based on the data from the Cyber Security Breaches Survey 2024, phishing with malicious links or malware remains the most common initial access vector, followed by impersonation. The challenge with impersonation attacks is that current technology often struggles to accurately determine the purpose of a website. Although checks on domain maturity, reputation, categorisation, and certificates are performed, a skilled adversary can still create sophisticated phishing infrastructure that hosts malware. This allows them to establish a foothold within a network and gain initial access, despite various defences.


August 20, 2024, Patryk Zajdel

SSH Tunnelling to Punch Through Corporate Firewalls - Updated take on one of the oldest LOLBINs

In my formative days of learning network hacking, SSH tunnelling was amongst the first tunnelling techniques that I learnt. I still remember trying to repeatedly decode my notes and diagrams on the rather cumbersome syntax of single port forwarding with the -L and -R flags, which at the time was taught as “the way to do it”. If your foothold is (luckily) a Linux server, then you’re blessed with the -D flag to spin up a SOCKS proxy on the foothold itself to access the network via proxychains.


August 13, 2024, sunnychau