JUMPSEC LABS

The JUMPSEC Lab is a place where the the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts! We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

Detecting known DLL hijacking and named pipe token impersonation attacks with Sysmon

by xnand | Nov 13, 2020 | Detection, Jumpsec, Research

Recently we posted a bunch of advisories relating to Ivanti Unified Endpoint Manager, a couple of which are for vulnerabilities which can be used to achieve local privilege escalation. We will give a brief explanation of the vulnerabilities and an example of Sysmon configuration rules to log exploitation attempts, along with the rationale behind them so you can adapt them to your existing configuration if needed.

A Defender’s Guide For Rootkit Detection: Episode 1 – Kernel Drivers

by rootkid8 | Apr 20, 2020 | Detection, Exploitation, Jumpsec

Recently JUMPSEC’s youngest red team researcher @_batsec_ raised the bar once more using rootkit techniques to universally evade Sysmon.

GitHub

JUMPSECLabs

Follow JumpsecLabs

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.