[email protected]      0333 939 8080

Jumpsec Labs
Jumpsec Labs

JUMPSEC LABS

The JUMPSEC Lab is a place where the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts!  We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

Bring Your Own Trusted Binary (BYOTB) – BSides Edition

by David Kennedy | Feb 6, 2025 | ,

Recently, I presented a talk on the main stage at BSides London 2024 and the topic I chose to present on was in regards to bringing trusted binaries to a system and using them in an adversarial fashion. This post will cover what I presented and how to use these binaries in detail. If you would also like a copy of the slides they can be found here. My talk was mainly focused on binaries that allow for the passing of the following 5 scenarios: Proxy my Kali tools, and tunnel traffic into an environment Bypass EDR (e.g. CrowdStrike), on dropping to disk and on execution Firewall friendly A good alternative to network tunnelling tools (e.g. Ligolo) Doesn't require a pre-installed SSH client The first solution is pictured below where the 'cloudflared' binary from, you guessed it, Cloudflare can be used in conjunction with the SSH 'ProxyCommand' to allow 'cloudflared' to transport the SSH...

read more

Implementation and Dynamic Generation for Tasks in Apache Airflow

by Newt Tan | Nov 23, 2022 | ,

I recently worked on a project focused on log anomaly detection using manageable machine learning pipelines. The pipelines mainly include data collection --- feature extraction --- feature engineering --- detection/prediction --- updating (maintenance).  It’s important to have a solid UI to manage the pipelines so I can easily review the chain of pipelines. After much research, I found many...

read more

QUEST KACE Desktop Authority Pre-Auth Remote Code Execution (CVE-2021-44031)

by tellson | Sep 8, 2022 |

Software: QUEST KACE Desktop AuthorityAffected Versions: 11.1 and earlier. Vendor page: https://www.quest.com/products/kace-desktop-authority/CVE Reference: CVE-2021-44031Published: 19/11/2021CVSS 3.1 Score: 9.8 CriticalAttack Vector: Pre-authenticated Remote Code ExecutionCredits: Tom Ellson JUMPSEC recently discovered multiple vulnerabilities in Quest KACE Desktop Authority 11.1. This is an...

read more

Abusing SharedUserData For Defense Evasion and Exploitation

by jordanjay | Aug 11, 2022 |

Over the past few weeks, I have been working on a custom packer in my spare time. In doing so, I needed to create a method of delaying execution within the unpacker stub that didn’t use any pre-defined functions. This post documents what I discovered during this project as well as some future plans I have for this method. What is SharedUserData and Why does it exist?_KUSER_SHARED_DATA...

read more

(ZOHO) ManageEngine Desktop Central – Path Traversal / Arbitrary File Write

by tellson | Aug 2, 2022 |

Software: Zoho ManageEngine Desktop CentralAffected Versions: Before 10.0.662Vendor page: https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.htmlCVE Reference: CVE-2021-46165 & CVE-2021-46166Published: 09/01/2022CVSS 3.1 Score: 8.8 HighAttack Vector: SQL Injection / Arbitrary File WriteCredits: Tom Ellson This is the second post in our two part series on...

read more

(ZOHO) ManageEngine Desktop Central – SQL Injection / Arbitrary File Write

by tellson | Aug 2, 2022 |

Software: Zoho ManageEngine Desktop CentralAffected Versions: Before 10.0.662Vendor page: https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.htmlCVE Reference: CVE-2021-46164Published: 09/01/2022CVSS 3.1 Score: 8.8 HighAttack Vector: SQL Injection / Arbitrary File WriteCredits: Tom Ellson This is the first post in a two part series on Manage Engine Desktop...

read more

Advisory CVE-2021-41551 Leostream Connection Broker – Authenticated Zip Slip

by lrckt | Jan 26, 2022 | , ,

Software: Leostream Connection BrokerAffected Versions: 9.0.40.17Vendor page: https://leostream.com/CVE Reference: CVE-2021-41551Published: 25/01/2022Attack Vector: path traversal, authenticatedCredits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi Summary Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading a...

read more

Advisory CVE-2021-41550 Leostream Connection Broker – Authenticated Remote Code Execution

by lrckt | Jan 26, 2022 | , ,

Software: Leostream Connection BrokerAffected Versions: 9.0.40.17Vendor page: https://leostream.com/CVE Reference: CVE-2021-41550Published: 25/01/2022Attack Vector: Remote, authenticatedCredits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi Summary As the Leostream Connection Broker version: 9.0.40.17 allowed an attacker to upload any content through Third Party...

read more

GitHub Activity

 

Twitter

·
@
View on Twitter

Latest from JUMPSEC

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.

Jumpsec, Unit 3E – 3F, 33 – 34 Westpoint,
Warple Way, Acton
W3 0RG

To learn more about JUMPSEC's services please get in touch:

Give us a call: 0333 939 8080

Send us a message: [email protected]

To learn more about JUMPSEC'S services please get in touch:

Give us a call: 0333 939 8080

Send us a message: [email protected]

Jumpsec, Unit 3E – 3F, 33 – 34 Westpoint,
Warple Way, Acton, W3 0RG

© JUMPSEC 2020 | Privacy Policy
JUMPSEC Ltd. is a company registered in England and Wales. Registered Address: 1 Golden Court, Richmond, Surrey, TW9 1EU. Registration Number: 08327063