Having delivered entirely cloud red teams, JUMPSEC experts discuss the shifts in perspective necessary for red teamers when targeting cloud environments.
JUMPSEC LABS
The JUMPSEC Lab is a place where the the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts! We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.
Hunting the Snake: An Overview of Threat Hunting with Velociraptor
In May 2023 the NCSC and CISA released a joint cyber security advisory addressing a piece of Russian malware called Snake. According to them, this malware has been gathering...
Ligolo: Quality of Life on Red Team Engagements
In recent months we, JUMPSEC’s red team, have been using a nifty little tool that we would like to share with you in this blog post. Ligolo-ng is a versatile tool that has been...
QUEST KACE Desktop Authority Pre-Auth Remote Code Execution (CVE-2021-44031)
Software: QUEST KACE Desktop AuthorityAffected Versions: 11.1 and earlier. Vendor page: https://www.quest.com/products/kace-desktop-authority/CVE Reference: CVE-2021-44031Published: 19/11/2021CVSS 3.1 Score: 9.8 CriticalAttack Vector: Pre-authenticated Remote Code ExecutionCredits: Tom Ellson JUMPSEC recently discovered multiple vulnerabilities in Quest KACE Desktop Authority 11.1. This is an...
Abusing SharedUserData For Defense Evasion and Exploitation
Over the past few weeks, I have been working on a custom packer in my spare time. In doing so, I needed to create a method of delaying execution within the unpacker stub that didn’t use any pre-defined functions. This post documents what I discovered during this project as well as some future plans I have for this method. What is SharedUserData and Why does it exist?_KUSER_SHARED_DATA...
(ZOHO) ManageEngine Desktop Central – Path Traversal / Arbitrary File Write
Software: Zoho ManageEngine Desktop CentralAffected Versions: Before 10.0.662Vendor page: https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.htmlCVE Reference: CVE-2021-46165 & CVE-2021-46166Published: 09/01/2022CVSS 3.1 Score: 8.8 HighAttack Vector: SQL Injection / Arbitrary File WriteCredits: Tom Ellson This is the second post in our two part series on...
(ZOHO) ManageEngine Desktop Central – SQL Injection / Arbitrary File Write
Software: Zoho ManageEngine Desktop CentralAffected Versions: Before 10.0.662Vendor page: https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.htmlCVE Reference: CVE-2021-46164Published: 09/01/2022CVSS 3.1 Score: 8.8 HighAttack Vector: SQL Injection / Arbitrary File WriteCredits: Tom Ellson This is the first post in a two part series on Manage Engine Desktop...
Azure – Securing Shared Access Signatures (SAS)
Advisory CVE-2021-41551 Leostream Connection Broker – Authenticated Zip Slip
Software: Leostream Connection BrokerAffected Versions: 9.0.40.17Vendor page: https://leostream.com/CVE Reference: CVE-2021-41551Published: 25/01/2022Attack Vector: path traversal, authenticatedCredits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi Summary Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading a...
Advisory CVE-2021-41550 Leostream Connection Broker – Authenticated Remote Code Execution
Software: Leostream Connection BrokerAffected Versions: 9.0.40.17Vendor page: https://leostream.com/CVE Reference: CVE-2021-41550Published: 25/01/2022Attack Vector: Remote, authenticatedCredits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi Summary As the Leostream Connection Broker version: 9.0.40.17 allowed an attacker to upload any content through Third Party...
No Logs? No Problem! Incident Response without Windows Event Logs
In this article, we discuss some Digital Forensics and Incident Response (DFIR) techniques you can leverage when you encounter an environment without Windows event logs.
Disclaimer
The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.