Every good cybersecurity article needs a Sun Tzu quote; here is one lesser-known quote from Sun Tzu to start us off.
What Happened?
Recently, JUMPSEC’s Detection and Response Team (DART) caught a Red Team inside one of our MxDR clients' networks using a honeypot server. The honeypot server was set up using Thinkst Applied Research’s project called OpenCanary. This open-source project from Thinkst emulates different network protocols and, when interacted with, creates an alert providing information to the defensive team, such as the source of the request.
An unfair advantage
We believe all organisations should be able to incrementally build on their level of security, year-on-year. This means leaving generic behind and focusing on the specific threats you face, and outcomes you need to be secure from them. To do this, we draw on the expertise and attacker mindset of our...
JUMPSEC LABS
The JUMPSEC Lab is a place where the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts! We love what we do and are passionate about security, with some great upcoming projects planned. Bookmark our site and stick around to see what we are working on.
SSH Tunnelling to Punch Through Corporate Firewalls – Updated take on one of the oldest LOLBINs
In my formative days of learning network hacking, SSH tunnelling was amongst the first tunnelling techniques that I learnt. I still remember trying to repeatedly decode my notes...
How to Handle Development Projects in a Pentest Company
If you are a pentester, you probably never really think about programming. Instead, you are testing what others have developed. However, every now and then a quick Python or Bash...
Azure – Securing Shared Access Signatures (SAS)
Advisory CVE-2021-41551 Leostream Connection Broker – Authenticated Zip Slip
Software: Leostream Connection Broker
Affected Versions: 9.0.40.17
Vendor page: https://leostream.com/
CVE Reference: CVE-2021-41551
Published: 25/01/2022
Attack Vector: path traversal, authenticated
Credits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi
Summary
Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading a...
Advisory CVE-2021-41550 Leostream Connection Broker – Authenticated Remote Code Execution
Software: Leostream Connection Broker
Affected Versions: 9.0.40.17
Vendor page: https://leostream.com/
CVE Reference: CVE-2021-41550
Published: 25/01/2022
Attack Vector: Remote, authenticated
Credits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi
Summary
As the Leostream Connection Broker version: 9.0.40.17 allowed an attacker to upload any content through Third Party...
No Logs? No Problem! Incident Response without Windows Event Logs
In this article, we discuss some Digital Forensics and Incident Response (DFIR) techniques you can leverage when you encounter an environment without Windows event logs.
PowerShell Jobs
While responding to an incident, JUMPSEC investigators recently observed an adversary weaponising PowerShell Jobs to schedule their attack. We discuss what PowerShell Jobs are, how they can be leveraged for malicious purposes, and how defenders can protect, detect, and respond to neutralise the threat.
Burp Suite and Beyond: Exploring non-HTTP protocols using MITM_RELAY
In this article, Muhammet takes us on a deep technical journey to persevere beyond the limitations of the proxy tool Burp Suite, and explore non-HTTP, application-layer protocols using ‘MITM_RELAY’.
Running Once, Running Twice, Pwned! Windows Registry Run Keys
The Windows registry is a vast and complex topic and cannot be understood and defended in one article. One particular area of interest from a security perspective is registry run keys. In this article, we discuss who uses them, how to uncover abuse, and how to eradicate evil from them.
Can Depix deobfuscate your data?
In this post, Caleb explores Depix and its potential to recover sensitive text from reports that were redacted by the original authors.
GitHub Activity
TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetratio…
Go 151 Updated Dec 24, 2024
Disclaimer
The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and/or activities related to the material contained within this website are solely your responsibility.