Weaponize Your Word – Malicious Template Injection

Weaponize Your Word – Malicious Template Injection Historically, files sent via email have been a common initial access technique employed by threat actors. Personally, I have seen emails containi...

Oct 30, 2024 Detection, Initial Access, Red Teaming, Research, Windows

Breaking into Libraries – DLL Hijacking

Breaking into Libraries – DLL Hijacking Many of us have likely encountered DLL errors when trying to open Windows applications. If you were like my younger self, you might have naively downloade...

Oct 24, 2024 Red Teaming, Windows

Active Cyber Defence – Taking back control

Every good cybersecurity article needs a Sun Tzu quote, here is one lesser known quote from Sun Tzu to start us off. What Happened? Recently, JUMPSEC’s Detection and Response Team (DART) caught...

Oct 15, 2024 Detection, Incident Response

NTLM Relaying – Making the Old New Again

I am old enough to remember that it was not always possible to get domain admin within the first hour of a test via Active Directory Certificate Services (ADCS) misconfigurations or over permission...

Sep 17, 2024 Red Teaming

Building Forensic Expertise: A Two-Part Guide to Investigating a Malicious USB Device (Part 2)

In this part 2, we’ll walk you through the step-by-step process of setting up and conducting a Digital Forensics and Incident Response (DFIR) investigation using a virtual machine (VM). We’ll cover...

Sep 11, 2024 Forensics, Incident Response

Building Forensic Expertise: A Two-Part Guide to Investigating a Malicious USB Device (Part 1)

JUMPSEC believes heavily in learning and developing through real world experience. The incident described in this blog post presented a fantastic opportunity for 3 junior team members to learn firs...

Aug 28, 2024 Forensics, Incident Response

Adversary at the Door – Initial Access and what’s currently on the menu

Based on the data from the Cyber Security Breaches Survey 2024, phishing with malicious links or malware remains the most common initial access vector, followed by impersonation. The challenge with...

Aug 20, 2024 Initial Access, Red Teaming

SSH Tunnelling to Punch Through Corporate Firewalls – Updated take on one of the oldest LOLBINs

In my formative days of learning network hacking, SSH tunnelling was amongst the first tunnelling techniques that I learnt. I still remember trying to repeatedly decode my notes and diagrams on the...

Aug 13, 2024 Adversary Infrastructure, Initial Access, Red Teaming

How to Handle Development Projects in a Pentest Company

If you are a pentester you probably never really think about programming. Instead you are testing what others have developed. However, every now and then a quick python or bash script is needed to ...

Aug 6, 2024 Jumpsec, Research

How Cloud Migration is Affecting AppSec – A Red Teamer’s Perspective

Introduction I’ve recently spoken at several conferences about the changes that are underway within red teaming as a result of cloud migration. My team and I have been delivering majority cloud re...

Jul 4, 2024 Application Security, Azure Cloud, Azure DevOps, Cloud Red Team, Initial Access, Jumpsec, Red Teaming