A Business Continuity Plan (BCP) is a strategic playbook created to help an organisation maintain or quickly resume business functions in the face of disruption. (Pratt, Tittel, Lindros, 2023) Be honest now. Who really has a truly effective Business Continuity Plan in 2024? Not the compliance-driven plan that has not been reviewed or tested properly for years. Or the “oh no, this supplier questionnaire is asking for a BCP… quick, write one” plan that won’t be much help in reality. Who has an...
JUMPSEC LABS
The JUMPSEC Lab is a place where the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts! We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.
Active Cyber Defence – Taking back control
Every good cybersecurity article needs a Sun Tzu quote, here is one lesser known quote from Sun Tzu to start us off. What Happened? Recently, JUMPSEC’s Detection and Response Team (DART) caught a Red Team inside one of our MxDR clients' networks using a honeypot server. The honeypot server was set up using Thinkst Applied Research’s project called OpenCanary. This open-source project from Thinkst emulates different network protocols and when interacted with, creates an alert providing...
Building Forensic Expertise: A Two-Part Guide to Investigating a Malicious USB Device (Part 2)
In this part 2, we'll walk you through the step-by-step process of setting up and conducting a Digital Forensics and Incident Response (DFIR) investigation using a virtual machine (VM). We’ll cover everything from configuring the VM to ensure it’s completely isolated to tackling the challenges of USB passthrough with a write blocker. You'll also learn about the risks of using public threat intelligence platforms like VirusTotal and discover alternative methods for secure file analysis. Our...
Building Forensic Expertise: A Two-Part Guide to Investigating a Malicious USB Device (Part 1)
JUMPSEC believes heavily in learning and developing through real world experience. The incident described in this blog post presented a fantastic opportunity for 3 junior team members to learn first hand how to conduct, report and respond to an incident investigation. This blog post is split into two parts: Part I focuses on the prerequisites and preparation work done before kicking off the investigation, such as explaining the forensic principles used in the investigation, how the evidence is...
Hunting the Snake: An Overview of Threat Hunting with Velociraptor
In May 2023 the NCSC and CISA released a joint cyber security advisory addressing a piece of Russian malware called Snake. According to them, this malware has been gathering intelligence for the FSB in more than 50 countries for the last 20 years. Off the back of this advisory JUMPSEC decided to perform a number of threat hunts to provide assurance for some of our clients. Whilst conducting these hunts, we thought it would be beneficial to share the high-level methodology for this in the form...
Butting Heads with a Threat Actor on an Engagement
After compromising a sensitive external server JUMPSEC’s Red Team found that they were not the first ones there…
No Logs? No Problem! Incident Response without Windows Event Logs
In this article, we discuss some Digital Forensics and Incident Response (DFIR) techniques you can leverage when you encounter an environment without Windows event logs.
PowerShell Jobs
JUMPSEC investigators recently observed an adversary weaponising PowerShell Jobs to schedule their attack whilst responding to an incident. We discuss what PowerShell Jobs are, how they can be leveraged for malicious purposes, and how defenders can protect, detect, and respond to neutralise the threat.
Disclaimer
The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.