JUMPSEC LABS

The JUMPSEC Lab is a place where the the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts!  We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

Implementation and Dynamic Generation for Tasks in Apache Airflow

I recently worked on a project focused on log anomaly detection using manageable machine learning pipelines. The pipelines mainly include data collection --- feature extraction --- feature engineering --- detection/prediction --- updating (maintenance).  It’s important to have a solid UI to manage the pipelines so I can easily review the chain of pipelines. After much research, I found many engineers recommended Airflow.  In airflow, the core concept is the Directed Acyclic Graph (DAG). Through the implementation, I have confirmed that this is a truly powerful tool to manage the machine learning pipelines, instead of relying on shell scripts. But, I did encounter some challenges during the process and also, fortunately, found solutions for them.  The challenges can be split into two main aspects, pipeline management and dynamic generation for tasks.  Pipeline...

read more

Overcoming Issues Using Custom Python Scripts with Burp Suite Professional

Summary / TL:DR I recently encountered some issues when using Burp Suite Professional which led me to playing around with the Python Scripter extension. The extension allows running custom Python scripts on every request/response processed by Burp, including those generated by functionality such as Burp's active scanner. This has a number of potential use cases, but I found it particularly...

read more

Win a place @HackFu 2021 Community Edition!

Hello world!At JUMPSEC we’ve managed to get our hands on tickets to what is probably the greatest cyber security event in the calendar, HackFu!In order to be in with a chance of winning you simply need to complete the following challenge which you can download here (the download contains all the information needed to complete the challenge):...

read more

Detecting known DLL hijacking and named pipe token impersonation attacks with Sysmon

Recently we posted a bunch of advisories relating to Ivanti Unified Endpoint Manager, a couple of which are for vulnerabilities which can be used to achieve local privilege escalation. We will give a brief explanation of the vulnerabilities and an example of Sysmon configuration rules to log exploitation attempts, along with the rationale behind them so you can adapt them to your existing configuration if needed.

read more

Advisory CVE-2020-13773 – Ivanti Unified Endpoint Manager Reflected XSS

Software: Ivanti Endpoint ManagerAffected Versions: <= 2020.1.1Vendor page: www.ivanti.comCVE Reference: CVE-2020-13773Published: 13/11/2020CVSS 3.1 Score: 5.5 - AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LAttack Vector: Remote, authenticatedCredits: Andrei Constantin Scutariu, Lenk Ratchakrit, Calvin Yau Summary Various web pages on Ivanti Unified Endpoint Manager web management console lack proper...

read more

Advisory CVE-2020-13774 – Ivanti Unified Endpoint Manager authenticated RCE via file upload

Improper validation on file upload functionality present in Ivanti Unified Endpoint Manager’s web management console permits an authenticated user to upload .aspx files and execute them on the MS IIS server’s context. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server.

read more

GitHub Activity

 

Twitter

Advisory CVE-2022-37832 - Mutiny Network Monitoring Appliance hardcoded credentials.
Full information here: ➡️ https://t.co/jhp1fHIrR8
#vulnerability #cve #networkmonitoring @Mutiny https://t.co/MKbl9mQTdx
Read our latest blog - Implementation and Dynamic Generation for Tasks in Apache Airflow tackling a number of challenges discovered along the way. And the solutions...
Read here: https://t.co/YPEYUO8U6c

#machinelearning #cybernews #labs #apache #apacheairflow https://t.co/kFYyHKX4iU
We're excited to be a sponsor @BsidesLondon 2022!
We have TWO tickets to give away.🎟️🎟️ Keep an eye 👀on our @JUMPSEC and @JumpsecLabs Twitter feed early next week to get your hands on them...🤲 Watch this space..................

#cyberSecurity #cybernews #giveaway https://t.co/lcHGSSoAiV
Jordan discusses how Red Teamers can abuse SharedUserData attributes to evade behavioural analysis based detection for most Anti-virus and EDR solutions.
Read here ➡️ https://t.co/O9gafp9AOA
#Offsec #Exploits #DefenceEvasion @0xLegacyy @JUMPSEC https://t.co/E5JUu8NHth
Part2 ManageEngine Desktop Central Application (MEDC). @tde_sec explores ways of exploiting the vulnerabilities identified. Read here ➡️ https://t.co/cvOK0dY4QU

#cybersecurity #vulnerabilities #SQL
@manageengine #cybernews https://t.co/wwv6HS8WPJ

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.