Latest Articles

Advisory: IDOR in Microsoft Teams Allows for External Tenants to Introduce Malware

TL;DR: Max Corbridge (@CorbridgeMax) and Tom Ellson (@tde_sec) of JUMPSEC’s Red Team recently discovered a vulnerability in the latest version of Microsoft Teams which allows for the possible introduction of malware into any organisation using Microsoft Teams in its default configuration. This is done by bypassing client-side security controls which prevent external tenants from sending files (malware in this case) to staff in your organisation. JUMPSEC has detailed remediation options, as well as some detection opportunities.


June 21, 2023, Max Corbridge

Hunting the Snake: An Overview of Threat Hunting with Velociraptor

In May 2023 the NCSC and CISA released a joint cyber security advisory addressing a piece of Russian malware called Snake. According to them, this malware has been gathering intelligence for the FSB in more than 50 countries for the last 20 years. Off the back of this advisory, JUMPSEC decided to perform a number of threat hunts to provide assurance for some of our clients. Whilst conducting these hunts, we thought it would be beneficial to share the high-level methodology in the form of a blog post, to encourage other security professionals to proactively search for emerging threats in their infrastructure. This post will show that, whilst a rich understanding of malware, TTPs, and threat hunting would certainly be beneficial, it is not a hard requirement to get started with your first hunt. Using free open-source tooling such as Velociraptor, anyone can get started.


June 19, 2023, francescoiulio

Ligolo: Quality of Life on Red Team Engagements

In recent months we, JUMPSEC’s red team, have been using a nifty little tool that we would like to share with you in this blog post. Ligolo-ng is a versatile tool that has been aiding our covert, and slightly-less-covert, engagements with regards to tunnelling, exfiltration, and persistence, and greatly improving the operators’ “quality of life” when carrying out assessments involving beaconing from within an internal network.


June 9, 2023, francescoiulio