Latest Articles
PowerShell Jobs
By Dray Agha
JUMPSEC investigators, whilst responding to an incident, recently observed an adversary weaponising PowerShell Jobs to schedule their attack. In this article, we discuss what PowerShell jobs are, how they can be leveraged for malicious purposes, and how defenders can protect, detect, and respond to neutralise the threat.
What are PowerShell Jobs?
Adversaries are known to schedule parts of their campaign once they have infiltrated a target network. They may timetable their attack for an opportune moment (such as during unsociable hours for the region in which the infrastructure is hosted or the support teams reside), or set up a recurring task to ensure ongoing persistence.
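As an added illustration (not code from the JUMPSEC article), the following PowerShell shows both sides of the technique the teaser describes: how a scheduled PowerShell job is registered to fire at an "opportune" hour, and the three places a defender can find it afterwards, since every scheduled job is backed by a Task Scheduler entry and an on-disk definition. The job name, trigger time and payload path are illustrative; the cmdlets (PSScheduledJob and ScheduledTasks modules, Windows PowerShell 5.1) are real.

```powershell
# Added example, not from the original article. Requires the PSScheduledJob module
# (Windows PowerShell 5.1; under PowerShell 7 use Import-Module -UseWindowsPowerShell).
Import-Module PSScheduledJob

# --- Attacker's view: a job that fires nightly at 03:00 local time ---
# 'UpdateCheck' and the payload path are hypothetical, chosen to look innocuous.
$trigger = New-JobTrigger -Daily -At '03:00'
Register-ScheduledJob -Name 'UpdateCheck' -Trigger $trigger `
    -ScriptBlock { Start-Process -FilePath 'C:\Users\Public\update.exe' }

# --- Defender's view: the same job, seen three ways ---

# 1. The module's own inventory. Note this is per-user: it only lists jobs
#    registered by the account you are running as, so check each suspect profile.
Get-ScheduledJob |
    Select-Object Name, Enabled, Command,
        @{ n = 'Triggers'; e = { ($_.JobTriggers | ForEach-Object { $_.Frequency }) -join ',' } }

# 2. Every PowerShell scheduled job is registered in Task Scheduler under a fixed
#    path, so it is visible machine-wide regardless of which user created it.
Get-ScheduledTask -TaskPath '\Microsoft\Windows\PowerShell\ScheduledJobs\' |
    Select-Object TaskName, State, @{ n = 'RunsAs'; e = { $_.Principal.UserId } }

# 3. The definition is persisted to disk in the owning user's profile, which gives
#    you attribution and a timestamp for when the job was created or last modified.
Get-ChildItem "$env:LOCALAPPDATA\Microsoft\Windows\PowerShell\ScheduledJobs" `
    -Recurse -Filter 'ScheduledJobDefinition.xml' -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime

# --- Response: unregistering removes the job definition and its backing task together ---
Unregister-ScheduledJob -Name 'UpdateCheck' -Force
```

When hunting across a fleet, the Task Scheduler path in step 2 is the most useful pivot: it does not depend on running as the attacker's user, and task creation under it also surfaces as a Security log event 4698 where task auditing is enabled.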
October 7, 2021, dray
Burp Suite and Beyond: Exploring non-HTTP protocols using MITM_RELAY
By Muhammet Ali Arıtürk
In this article, Muhammet takes us on a deep technical journey to persevere beyond the limitations of the proxy tool Burp Suite, and explore non-HTTP, application-layer protocols using MITM_RELAY.
Introduction
As offensive security testers, we often rely on Burp Suite. While an excellent resource when penetration testing, it is not without limitations, as we explored in our previous article on utilising custom Python scripts. To get around some particular limitations in a recent case, I used a cool tool called MITM_RELAY, which is described as a “hackish way to intercept and modify non-HTTP protocols through Burp & others”.
August 24, 2021, dray
Running Once, Running Twice, Pwned! Windows Registry Run Keys
By Dray Agha
The Windows registry is a vast and complex topic and cannot be understood and defended in one article. One particular area of interest from a security perspective is registry run keys. In this article, we discuss who uses run keys, how to uncover abuse, and how to eradicate evil from them.
An Introduction to Run Keys
What are registry run keys?
Run keys are a long-standing registry mechanism for executing a command whenever a user logs on: entries under the per-user hive (HKCU) run for that user, and entries under the machine-wide hive (HKLM) run for every user who logs on.
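As an added example (not code from the JUMPSEC article), the PowerShell below enumerates every Run and RunOnce value across the machine-wide hive, the current user's hive, and every other loaded user profile via HKEY_USERS, then flags values that are rarely legitimate in an autorun: script hosts and living-off-the-land binaries, or executables living in user-writable directories. The key paths are the standard ones; the suspicion heuristic is an assumption of mine and a starting point for triage, not a verdict.

```powershell
# Added example, not from the original article. Read-only until the final,
# commented remediation line. Run elevated to see HKLM and other users' hives.

# Machine-wide (both 64-bit and WOW6432Node views) and current-user locations.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# HKCU: is only the account you are running as. Other logged-on users' hives are
# mounted under HKEY_USERS by SID; map a drive and add their Run keys too.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$runKeys += Get-ChildItem 'HKU:\' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |   # real user SIDs, not *_Classes
    ForEach-Object {
        "HKU:\$($_.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        "HKU:\$($_.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
    }

# Heuristic (my assumption, tune for your estate): interpreters and LOLBins as the
# autorun target, or binaries in locations a standard user can write to.
$suspectPattern = 'powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|cmd\.exe|' +
                  '\\Users\\|\\AppData\\|\\Temp\\|\\ProgramData\\|\\Public\\'

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = $item.GetValue($name)
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $command
            Suspect = [bool]($command -match $suspectPattern)
        }
    }
}

# Suspect entries first; review Command and Key before acting on any of them.
$findings | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap

# Eradication, once a value is confirmed malicious (placeholder key and name):
# Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'Updater'
```

Two caveats a responder should keep in mind: a RunOnce value deletes itself after it executes, so an empty RunOnce key on a live host proves nothing about what ran at the last logon, and a profile that is not currently loaded will not appear under HKEY_USERS, so offline hives (NTUSER.DAT) need to be loaded or parsed separately.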
August 11, 2021, dray