Published | JUMPSEC LABS

Advisory: IDOR in Microsoft Teams Allows for External Tenants to Introduce Malware

by Max Corbridge | Jun 21, 2023 | Exploitation, Research, Security Bug, Vulnerability, Windows

TL;DR Max Corbridge (@CorbridgeMax) and Tom Ellson (@tde_sec) of JUMPSEC’s Red Team recently discovered a vulnerability in the latest version of Microsoft Teams which allows for the possible introduction of malware into any organisations using Microsoft Teams in its default configuration. This is done by bypassing client-side security controls which prevent external tenants from sending files (malware in this case) to staff in your organisation. JUMPSEC has detailed remediation options, as well as some detection opportunities. Introduction Introducing malware into target organisations is becoming increasingly difficult. Many of the traditional payload types (.exe, Office Macros, etc) are now heavily-scrutinised or have been proactively addressed to reduce their efficacy. Similarly, payload delivery avenues such as phishing are becoming increasingly monitored and secured to reduce the...

Hunting for ‘Snake’

Following the NCSC and CISA’s detailed joint advisory on the highly sophisticated ‘Snake’ cyber espionage tool, JUMPSEC threat intelligence analysts have provided a condensed...

Advisory CVE-2023-30382 – Half-Life Local Privilege Escalation

Software: Half-Life Affected versions: Latest (<= build 5433873), at the time of writing Vendor page: www.valvesoftware.com CVE Reference: CVE-2023-30382 Published: 23/05/2023...

PowerShell Jobs

by editor | Oct 7, 2021 | Detection, Incident Response, Monitoring, Windows

JUMPSEC investigators recently observed an adversary weaponising PowerShell Jobs to schedule their attack whilst responding to an incident. We discuss what PowerShell Jobs are, how they can be leveraged for malicious purposes, and how defenders can protect, detect, and respond to neutralise the threat.

Burp Suite and Beyond: Exploring non-HTTP protocols using MITM_RELAY

by editor | Aug 24, 2021 | Application Security, burpsuite, network, Network Tools, Research

In this article, Muhammet takes us on a deep technical journey to persevere beyond the limitations of the proxy tool Burpsuite, and explore non-HTTP, application-layer protocols using ‘MITM RELAY’.

Running Once, Running Twice, Pwned! Windows Registry Run Keys

by editor | Aug 11, 2021 | Detection, Incident Response, Monitoring, Windows

The Windows registry is a vast and complex topic and cannot be understood and defended in one article. One particular area of interest from a security perspective is registry run keys. In this article, we discuss who uses them, how to uncover abuse, and how to eradicate evil from them.

Can Depix deobfuscate your data?

by editor | Aug 3, 2021 | Jumpsec, Obfuscation, Password Cracking, Uncategorized

In this post, Caleb explores Depix and its potential to recover sensitive text from reports that were redacted by the original authors.

Car Hacking – Manual Bypass of Modern Rolling Code Implementations

by 0x5c4r3 | Jul 22, 2021 | Exploitation, Social Engineering

Introduction I recently researched modern algorithms used by keyfobs to open cars. Since most of the blogs online talking about the topic are unfortunately quite old and in general and do not precisely describe the exact path followed in detail, nor the code used. I thought that talking about my experience could be interesting and inspiring for other researchers. I won’t go in depth on certain...

Obfuscating C2 During a Red Team Engagement

by editor | Jul 16, 2021 | Uncategorized

Command-and-Control (C2) infrastructure is one the most important tools in a red teamer’s arsenal. In this article, we introduce a few simple methods that red teams use to harden their C2 infrastructure.

PRINTNIGHTMARE NETWORK ANALYSIS

by editor | Jul 7, 2021 | Detection, Uncategorized

By Dray Agha The infosec community has been busy dissecting the PrintNightmare exploit. There are now variations of the exploit that can have various impacts on a target machine. When we at JUMPSEC saw that Lares had captured some network traffic of the PrintNightmare exploit in action, I wondered if there was an opportunity to gather network-level IoCs...

Securing against new offensive techniques abusing active directory certificate service

by editor | Jul 6, 2021 | Detection, Vulnerability

SpecterOps recently released an offensive security research paper that details techniques enabling an adversary to abuse insecure functionality in Active Directory Certificate Service. SpecterOps reports that abusing the legitimate functionality of Active Directory Certificate Service will allow an adversary to forge the elements of a certificate to authenticate as any user or administrator in...

« Older Entries

Next Entries »

JUMPSEC LABS

Hunting for ‘Snake’

Advisory CVE-2023-30382 – Half-Life Local Privilege Escalation

PowerShell Jobs

Burp Suite and Beyond: Exploring non-HTTP protocols using MITM_RELAY

Running Once, Running Twice, Pwned! Windows Registry Run Keys

Can Depix deobfuscate your data?

Obfuscating C2 During a Red Team Engagement

PRINTNIGHTMARE NETWORK ANALYSIS

Securing against new offensive techniques abusing active directory certificate service

[Latest Posts]

[Categories]

GitHub Activity

Twitter

Latest from JUMPSEC

Disclaimer