JUMPSEC LABS

The JUMPSEC Lab is a place where the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts! We love what we do and are passionate about security. With some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

Obfuscating C2 During a Red Team Engagement

Command-and-Control (C2) infrastructure is one of the most important tools in a red teamer’s arsenal. In this article, we introduce a few simple methods that red teams use to harden and obfuscate their C2 infrastructure.


PRINTNIGHTMARE NETWORK ANALYSIS

By Dray Agha. The infosec community has been busy dissecting the PrintNightmare exploit. There are now variations of the exploit that can have various...


Thunder Eye – Threat Intelligence Aggregator

The project currently code-named Thunder Eye is a threat intelligence aggregator that will act as an internal and external search engine for a variety of intelligence purposes. It will collect and store data ranging from vulnerability scans, DNS data, breach lists, torrent sites and honeypot networks to some manually inserted data sourced from our threat hunting and incident response/SOC...


API Hooking Framework

An API hooking framework, composed of a Windows driver component for library injection, a DLL for function hooking and reporting, and a web service that presents a user interface and manages the communications between the user and the other components. The framework is aimed at desktop application testing and vulnerability research: it allows granular monitoring of one or more processes at...


shad0w

Post exploitation is a large part of a red team engagement. As many organisations mature and begin to deploy a range of sophisticated Endpoint Detection and Response (EDR) solutions on their networks, we as attackers have to mature too. We need to upgrade our arsenal to give us the capabilities to operate successfully on those networks. That is why today I am releasing shad0w.

shad0w is a post exploitation framework which is designed to operate covertly on such networks, providing the operator with much greater control over their engagements. Over future blog posts I will go into greater detail on the intricacies of how shad0w works. This blog post will, therefore, serve as an introduction into the usage and features that shad0w has to offer.


Bypassing Antivirus with Golang – Gopher it!

In this blog post, we’re going to detail a cool little trick we came across for bypassing most antivirus products to get a Meterpreter reverse shell on a target host. This all started when we came across a GitHub repository written in Golang which, on execution, could inject shellcode into running processes. By simply generating a payload with msfvenom we tested it and found that it was easily...


Enhanced logging to detect common attacks on Active Directory– Part 1

In this blog post I am going to tackle the topic of detecting common attacks using Active Directory logs. It is important to understand the power of data in the InfoSec world. Too much data means you’ll be spending the rest of the week digging through millions of log entries trying to figure out what the adversary was up to. You can set filters to help you through this; however, it can get...


Short introduction to Network Forensics and Indicators of Compromise (IoC)

“Indicator of compromise (IOC) in computer forensics is an artifact observed on a network or in an operating system that with high confidence indicates a computer intrusion. Typical IOCs are virus signatures and IP addresses, MD5 hashes of malware files or URLs or domain names of botnet command and control servers. After IOCs have been identified in a process of incident response and computer...
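The quoted definition lists the artifact types a network-forensics IoC match usually covers: IP addresses, domain names, URLs and file hashes. The following Python script is an added example, not code from the JUMPSEC post, that pulls those observables out of free-text log lines, normalises them (lower-cased domains and hashes, the host extracted from each URL) and reports which lines hit a watchlist. The IoC values and the proxy/DNS/AV log lines are constructed for illustration; the only real value is the MD5 of the EICAR test file.

```python
"""Match constructed log lines against a small indicator-of-compromise list.

Added example, not code from the JUMPSEC post. Indicator values and log lines
are constructed for illustration (the MD5 is that of the EICAR test file).
"""
import re
from urllib.parse import urlparse

# Constructed watchlist covering the IoC types named in the quoted definition.
IOCS = {
    "ip": {"198.51.100.23", "203.0.113.77"},
    "domain": {"update-check.example.net", "cdn.example.org"},
    "url": {"http://update-check.example.net/a/gate.php"},
    "md5": {"44d88612fea8a8f36de82e1278abb02f"},  # EICAR test file
}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")
URL_RE = re.compile(r"https?://[^\s\"']+")
# Permissive: also matches file names such as invoice.exe; harmless because
# only candidates present in the watchlist are ever reported.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def extract_observables(line):
    """Return normalised IPs, domains, URLs and MD5s found in one log line."""
    found = {"ip": set(), "domain": set(), "url": set(), "md5": set()}
    for url in URL_RE.findall(line):
        url = url.rstrip(".,;")
        found["url"].add(url)
        host = urlparse(url).hostname  # lower-cased by urlparse
        if host:
            found["domain"].add(host)  # a URL hit implies a domain hit too
    without_urls = URL_RE.sub(" ", line)  # avoid re-matching path components
    for ip in IP_RE.findall(without_urls):
        if all(0 <= int(octet) <= 255 for octet in ip.split(".")):
            found["ip"].add(ip)
    for domain in DOMAIN_RE.findall(without_urls):
        found["domain"].add(domain.lower())
    for digest in MD5_RE.findall(line):
        found["md5"].add(digest.lower())
    return found


def match_line(line, iocs=IOCS):
    """Return sorted (ioc_type, value) pairs from the line that are on the watchlist."""
    observables = extract_observables(line)
    return sorted(
        (kind, value)
        for kind, values in observables.items()
        for value in values
        if value in iocs[kind]
    )


def scan(lines, iocs=IOCS):
    """Scan log lines; return (line_no, line, hits) for every line with a hit."""
    results = []
    for number, line in enumerate(lines, 1):
        hits = match_line(line, iocs)
        if hits:
            results.append((number, line, hits))
    return results


# Constructed sample records: web proxy, DNS resolver and endpoint AV scan.
SAMPLE_LOG = [
    "2021-07-20T10:01:02Z proxy src=10.0.0.5 dst=198.51.100.23 "
    "url=http://update-check.example.net/a/gate.php status=200",
    "2021-07-20T10:01:09Z dns client=10.0.0.9 query=www.example.com type=A",
    "2021-07-20T10:02:31Z dns client=10.0.0.9 query=CDN.EXAMPLE.ORG type=A",
    "2021-07-20T10:05:44Z av host=WS-12 file=C:\\Users\\bob\\Downloads\\invoice.exe "
    "md5=44D88612FEA8A8F36DE82E1278ABB02F",
    "2021-07-20T10:06:00Z proxy src=10.0.0.5 dst=192.0.2.10 "
    "url=https://www.example.com/ status=200",
]

if __name__ == "__main__":
    for number, _, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

Lines 1, 3 and 4 of the sample log hit the watchlist; the mixed-case domain and hash still match because every observable is normalised before comparison, which is the detail that most often makes naive grep-based IoC sweeps miss things.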


CVE-2015-7547 glibc getaddrinfo() DNS Vulnerability

Hello w0rld! JUMPSEC researchers have spent some time on the glibc DNS vulnerability indexed as CVE-2015-7547 (it hasn’t got a cool name like GHOST, unfortunately…). It is a highly critical vulnerability that affects a large number of systems: a stack-based buffer overflow in the client-side DNS resolver (getaddrinfo()) that allows remote code execution. In this post we would like to present our analysis....


GitHub Activity

@JumpsecLabs pushed 1 commit to main in JumpsecLabs/Guidance-Advice on Jul 20, 2021
@JumpsecLabs pushed 2 commits to master in JumpsecLabs/shad0w on Jul 20, 2021

Twitter

Inspired by a recent incident response, in this article our Dray (@Purp1eW0lf) shows us how to hunt down malicious PowerShell Scheduled Jobs ⏳⏳🕵️‍♀️🕵️‍♀️
https://t.co/iKCSF5FEsB

In an exciting new series, Dan and Dray (@Purp1eW0lf) will be exploring the 'Science behind Cyber Security'. The first article considers the scientific rationale for simulating a cyber attack and rehearsing your response.
https://t.co/te4QxWlyyR

In this article, Muhammet (@hit1t) helps us overcome limitations in #Burpsuite. Specifically, what to do if the application you're studying doesn't use HTTP to communicate!? @hit1t has our back when it comes to proxies and application research 💪🔬
https://t.co/mf7FQBqfHo

Our Dray (@purp1ew0lf) offered up some JUMPSEC thoughts on the latest, significant #Realtek-related #IoT #vulnerabilities. You can read about it here:
https://t.co/GUEgAyQpJY

In this article, Dray (@Purp1eW0lf) takes us through #Windows Registry Run Keys: how run keys are used for evil, and then how to remediate and triage malicious instances 🕵️‍♀️🛡️ Also featuring top-tier memes (he says).
https://t.co/k7cSc8hTFK

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and/or activities related to the material contained within this website are solely your responsibility.