My Perspective on MFA Security In an era of relentless cyber threats, multi-factor authentication (MFA) has become a cornerstone of modern security practices, adding an extra layer of protection beyond traditional passwords. It’s a widely used defence that strengthens account security and helps prevent unauthorised access. But while MFA is a crucial security measure, it’s not a silver bullet. Cybercriminals are constantly adapting, finding new ways to bypass or manipulate different authentication methods. Whether it’s phishing, machine-in-the-middle attacks, MFA fatigue, or social engineering, no authentication mechanism is completely immune. In this blog post, I’ll explore the various methods used to protect user credentials and rank the most common MFA mechanisms based on how vulnerable they are to the types of attacks we’re seeing in today’s threat landscape. Multi-Factor...
JUMPSEC LABS
The JUMPSEC Lab is a place where the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts! We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.
TokenSmith – Bypassing Intune Compliant Device Conditional Access
Conditional Access Policies (CAPs) are the core of Entra ID’s perimeter defense for the vast majority of Enterprise Microsoft 365 (M365) and Azure environments. The core ideas of...
BCP, as easy as ABC?
A Business Continuity Plan (BCP) is a strategic playbook created to help an organisation maintain or quickly resume business functions in the face of disruption. (Pratt, Tittel,...
What’s in a Name? Writing custom DNS tunnelling protocol, exploiting unexpected AWS Lambda misconfiguration – in a web app Pen test (Part 2)
In Part 1 of the series we looked at how an AWS Lambda-powered feature was exploited in a web app penetration test initially leading to RCE and further on with out-of-band data exfiltration via DNS. Though the exact mechanism of achieving remote-code execution with Python was not discussed, we went in depth in how to return data as a result of the code being executed. Initially, with...
What’s in a Name? Writing custom DNS tunnelling protocol, exploiting unexpected AWS Lambda misconfiguration – in a web app Pen test (Part 1)
This is a war story of an AWS web application test where remote code execution was first obtained on the client's application. Then I needed to write my own DNS tunnelling 'protocol' to get the data out. Following a number of twists and turns I impersonated the application and attempted to laterally move within the AWS tenant. Before storytelling though, let's start with a public service...
WASM Smuggling for Initial Access and W.A.L.K. Tool Release
TL;DR This blog post introduces Web Assembly (WASM) as a powerful alternative to traditional web technologies, highlighting its appeal to cybersecurity professionals for evading security measures for initial access. WASM has been observed being leveraged in the wild as a new payload delivery avenue which can land payloads in a hardened email inbox or instant messaging chats. A new tool, W.A.L.K....
Adventures and Accidental Honeypots in Network Infrastructure: Unravelling Internet Shenanigans
Hello World! So, I've been tinkering with network stuff lately, trying to set up some infrastructure.Turns out that in the process, I made a rookie mistake and left a few ports open to the internet! A few months down the line I took a look and to no one’s surprise my server had been bombarded with all sorts of requests. It was receiving a steady stream of traffic, but not the good kind…think of...
Poisoning Pipelines: Azure DevOps Edition
Introduction In the ever-evolving realm of cloud services, organisations are ditching the headaches of physical infrastructure management and diving headfirst into the possibilities of cloud platforms. From the humble beginnings of deploying virtual machines and servers, we now find ourselves in a dynamic space with everything from serverless architectures to cloud-based active directories,...
Why sneak when you can walk through the front door – A Love letter to Password Spraying against M365 in Red Team Engagements
In 2023 through 2024, JUMPSEC's red team gained access to Microsft 365 (M365) environments of sophisticated clients during adversarial engagements with an approach that breathes life into the decades-old technique of password spraying. With threat actors increasingly using similar approaches in the wild, being able to compromise the even likes of Microsoft themselves, it is my opinion that red...
Advisory CVE-2023-43042 – IBM Backup Products Superuser Information Disclosure
Software: IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize products Affected versions: 8.3 Vendor page: https://www.ibm.com/support/pages/node/7064976 CVE Reference: CVE-2023-43042 Published: 08/12/2023 CVSS 3.0 Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Attack Vector: Network Credit: Max Corbridge Summary JUMPSEC’s Head of Adversarial Simulation...
Red Teaming the Cloud: A Shift in Perspective
Having delivered entirely cloud red teams, JUMPSEC experts discuss the shifts in perspective necessary for red teamers when targeting cloud environments.
Disclaimer
The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.