JUMPSEC LABS

The JUMPSEC Lab is where the technical team gets creative and showcases its latest security research, publications, interesting news and general thoughts! We love what we do and are passionate about security. With some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

Obfuscating C2 During a Red Team Engagement

Command-and-Control (C2) infrastructure is one of the most important tools in a red teamer’s arsenal. In this article, we introduce a few simple methods that red teams use to harden their C2 infrastructure.

Advisory CVE-2020-13774 – Ivanti Unified Endpoint Manager authenticated RCE via file upload

Improper validation of the file upload functionality in Ivanti Unified Endpoint Manager’s web management console permits an authenticated user to upload .aspx files and execute them in the context of the MS IIS server. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure leave the temporarily created files in an accessible location on the server.

Pwning Windows Event Logging with YARA rules

The Event Log, coupled with Windows Event Forwarding and Sysmon, can be extremely powerful in the hands of defenders, allowing them to detect attackers every step of the way. Obviously this is an issue for the attackers. Before privilege escalation there is little we can do to evade event logging, but once privileges have been elevated it is an equal playing field. In the past I have released a...

Defending Your Malware

Malware is an important part of an engagement, though as many security solutions are now evolving past rudimentary signature comparisons to more advanced techniques for detecting malicious activity, it is important that we as attackers understand the methods they are using and how we can avoid them. Consider, for example, the following code I wrote. #include <stdio.h> #include...

Thunder Eye – Threat Intelligence Aggregator

The project currently code-named Thunder Eye is a threat intelligence aggregator that will act as an internal and external search engine for a variety of intelligence purposes. It will collect and store data varying from vulnerability scans, DNS data, breach lists, torrent sites, honeypot networks, and some manually inserted data sourced from our threat hunting and incident response/SOC...

GitHub Activity

JumpsecLabs pushed to main in JumpsecLabs/Guidance-Advice, Jul 20, 2021 (1 commit to main)
JumpsecLabs pushed to master in JumpsecLabs/shad0w, Jul 20, 2021 (2 commits to master)

Twitter

1 week ago
In an exciting new series, Dan and Dray ( @Purp1eW0lf) will be exploring the 'Science behind Cyber Security'

The first article considers the scientific rationale for simulating a cyber attack and rehearsing your response

https://t.co/te4QxWlyyR
1 month ago
In this article, Muhammet ( @hit1t) helps us overcome limitations in #Burpsuite.

Specifically, what to do if the application you're studying doesn't use HTTP to communicate!?

@hit1t has our back when it comes to proxies and application research 💪🔬

https://t.co/mf7FQBqfHo
1 month ago
Our Dray ( @purp1ew0lf) offered up some JUMPSEC thoughts on the latest, significant #Realtek-related #IoT #vulnerabilities

You can read about it here:
https://t.co/GUEgAyQpJY
1 month ago
In this article, Dray ( @Purp1eW0lf) takes us through #Windows Registry Run Keys.

How run keys are used for evil, and then how to remediate and triage malicious instances🕵️‍♀️🛡️

Also featuring top-tier memes (he says)

https://t.co/k7cSc8hTFK
1 month ago
Huge congratulations to @hit1t.

With every credential he gains, mobile applications all around the world tremble with fear that Muhammet will reveal their secrets! https://t.co/BdE8flE1gp
2 months ago
No matter the day or time, @umairq92 is always ready to defend a network.

We’re proud he got to flex his blue team muscles in the #opensoc competition.

Truly deserving of the title: #SOCFather https://t.co/OaLlNxNWd9
Dray Agha @Purp1eW0lf
I am hugely proud of @umairq92 for hitting this competition with everything he's got.

He is a hugely talented gentleman, and humble to boot too.

#SOCFather https://t.co/QVRscpFDNv

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and/or activities related to the material contained within this website are solely your responsibility.