JUMPSEC LABS

The JUMPSEC Lab is a place where the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts! We love what we do and are passionate about security. With some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

Hunting the Snake: An Overview of Threat Hunting with Velociraptor

In May 2023 the NCSC and CISA released a joint cyber security advisory addressing a piece of Russian malware called Snake. According to them, this malware has been gathering intelligence for the FSB in more than 50 countries for the last 20 years. Off the back of this advisory JUMPSEC decided to perform a number of threat hunts to provide assurance for some of our clients. Whilst conducting these hunts, we thought it would be beneficial to share the high-level methodology for this in the form of a blog post, to encourage other security professionals to proactively search for emerging threats in their infrastructure. This post will show that whilst a rich understanding of malware, TTPs, and threat hunting would certainly be beneficial, this is not a hard requirement to get started with your first hunt. Using free open-source tooling such as Velociraptor, anyone can get started....


Pwning Windows Event Logging with YARA rules

The Event Log, coupled with Windows Event Forwarding and Sysmon, can be extremely powerful in the hands of defenders, allowing them to detect attackers every step of the way. Obviously this is an issue for the attackers. Before privilege escalation there is little we can do to evade event logging, but once privileges have been elevated it is an equal playing field. In the past I have released a...


Defending Your Malware

Malware is an important part of an engagement, though as many security solutions are now evolving past rudimentary signature comparisons to using more advanced techniques to detect malicious activity, it is important that we as attackers understand the methods they are using and how we can avoid them. Consider the following code I wrote for example. #include <stdio.h> #include...


Thunder Eye – Threat Intelligence Aggregator

The project currently code-named Thunder Eye is a threat intelligence aggregator that will act as an internal and external search engine for a variety of intelligence purposes. It will collect and store data ranging from vulnerability scans, DNS data, breach lists, torrent sites, honeypot networks, and some manually inserted data sourced from our threat hunting and incident response/SOC...


API Hooking Framework

An API hooking framework, composed of a Windows driver component for library injection, a DLL file for function hooking and reporting, and a web service presenting a user interface and managing the communications between the user and the other components. The framework is aimed towards desktop application testing and vulnerability research: it allows a granular monitoring of one or more processes at...


shad0w

Post exploitation is a large part of a red team engagement. While many organisations begin to mature and start to deploy a range of sophisticated Endpoint Detection & Response (EDR) solutions onto their networks, it requires us, as attackers, to also mature. We need to upgrade our arsenal to give us the capabilities to successfully operate on their networks. That is why today, I am releasing shad0w.

shad0w is a post exploitation framework which is designed to operate covertly on such networks, providing the operator with much greater control over their engagements. Over future blog posts I will go into greater detail on the intricacies of how shad0w works. This blog post will, therefore, serve as an introduction into the usage and features that shad0w has to offer.



Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and/or activities related to the material contained within this website are solely your responsibility.