[email protected]      0333 939 8080

Jumpsec Labs
Jumpsec Labs

JUMPSEC LABS

The JUMPSEC Lab is a place where the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts!  We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

A Closer Look at Microsoft’s Latest Email Security Requirements – Tooling Release Included!

by Francesco Iulio | Apr 11, 2025 |

Email remains one of the most consistently targeted attack surfaces in cyber security. Despite evolving defences, phishing, spoofing, and impersonation attacks continue to be effective---largely due to gaps in how organisations authenticate the email they send. The frontline of defence? A triad of DNS-based protocols: SPF, DKIM, and DMARC. SPF (Sender Policy Framework) allows domain owners to define which mail servers are authorised to send on their behalf. DKIM (DomainKeys Identified Mail) ensures email integrity by attaching cryptographic signatures to outgoing messages. DMARC (Domain-based Message Authentication, Reporting and Conformance) enables domain owners to instruct how unauthenticated mail should be handled, and provides reporting for monitoring abuse. These mechanisms have long been recommended, but enforcement across the email ecosystem has been inconsistent in our...

read more

Active Cyber Defence – Taking back control

by Umair Qamar | Oct 15, 2024 | ,

Every good cybersecurity article needs a Sun Tzu quote, here is one lesser known quote from Sun Tzu to start us off.   What Happened? Recently, JUMPSEC’s Detection and Response Team (DART) caught a Red Team  inside one of our MxDR clients' networks using a honeypot server. The honeypot server was set up using Thinkst Applied Research’s project called OpenCanary. This open-source project...

read more

NTLM Relaying – Making the Old New Again

by David Kennedy | Sep 17, 2024 |

I am old enough to remember that it was not always possible to get domain admin within the first hour of a test via Active Directory Certificate Services (ADCS) misconfigurations or over permissioned SCCM NAA accounts. At present we are spoilt for choice in regards to privilege escalation vectors within the on-premise AD environment's, but I wanted to take a look at some of the other...

read more

Building Forensic Expertise: A Two-Part Guide to Investigating a Malicious USB Device (Part 2)

by Emilia Chau, Marin Gheorge, Muhammad Jawad | Sep 11, 2024 | ,

In this part 2, we'll walk you through the step-by-step process of setting up and conducting a Digital Forensics and Incident Response (DFIR) investigation using a virtual machine (VM). We’ll cover everything from configuring the VM to ensure it’s completely isolated to tackling the challenges of USB passthrough with a write blocker. You'll also learn about the risks of using public threat...

read more

Building Forensic Expertise: A Two-Part Guide to Investigating a Malicious USB Device (Part 1)

by Emilia Chau, Marin Gheorge, Muhammad Jawad | Aug 28, 2024 | ,

JUMPSEC believes heavily in learning and developing through real world experience. The incident described in this blog post presented a fantastic opportunity for 3 junior team members to learn first hand how to conduct, report and respond to an incident investigation. This blog post is split into two parts: Part I focuses on the prerequisites and preparation work done before kicking off the...

read more

Adversary at the Door – Initial Access and what’s currently on the menu

by Patryk Zajdel | Aug 20, 2024 | ,

Based on the data from the Cyber Security Breaches Survey 2024, phishing with malicious links or malware remains the most common initial access vector, followed by impersonation. The challenge with impersonation attacks is that current technology often struggles to accurately determine the purpose of a website. Although checks on domain maturity, reputation, categorization, and certificates are...

read more

SSH Tunnelling to Punch Through Corporate Firewalls – Updated take on one of the oldest LOLBINs

by Sunny Chau | Aug 13, 2024 | , ,

In my formative days of learning network hacking, SSH tunnelling was amongst the first tunnelling techniques that I learnt. I still remember trying to repeatedly decode my notes and diagrams on the rather cumbersome syntax of single port forwarding with the -L and -R flags, which at the time was taught as “the way to do it”. If your foothold is (luckily) a Linux server, then you’re blessed with...

read more

How to Handle Development Projects in a Pentest Company

by Bjoern Schwabe | Aug 6, 2024 | ,

If you are a pentester you probably never really think about programming. Instead you are testing what others have developed. However, every now and then a quick python or bash script is needed to exploit some stuff you have found, or automate a certain process you are using.  Things become interesting when you are in a penetration testing company that has many strong penetration testers and...

read more

How Cloud Migration is Affecting AppSec – A Red Teamer’s Perspective

by Max Corbridge | Jul 4, 2024 | , , , , , ,

Introduction I’ve recently spoken at several conferences about the changes that are underway within red teaming as a result of cloud migration. My team and I have been delivering majority cloud red team work over the last year and the differences are becoming more apparent by the day. One point I’ve mentioned as ‘controversial’ at several of these events is that cloud migration has actually made...

read more

GitHub Activity

 

Twitter

·
@
View on Twitter

Latest from JUMPSEC

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.

Jumpsec, Unit 3E – 3F, 33 – 34 Westpoint,
Warple Way, Acton
W3 0RG

To learn more about JUMPSEC's services please get in touch:

Give us a call: 0333 939 8080

Send us a message: [email protected]

To learn more about JUMPSEC'S services please get in touch:

Give us a call: 0333 939 8080

Send us a message: [email protected]

Jumpsec, Unit 3E – 3F, 33 – 34 Westpoint,
Warple Way, Acton, W3 0RG

© JUMPSEC 2020 | Privacy Policy
JUMPSEC Ltd. is a company registered in England and Wales. Registered Address: 1 Golden Court, Richmond, Surrey, TW9 1EU. Registration Number: 08327063