Latest Articles
Why sneak when you can walk through the front door - A Love letter to Password Spraying against M365 in Red Team Engagements
In 2023 through 2024, JUMPSEC’s red team gained access to Microsoft 365 (M365) environments of sophisticated clients during adversarial engagements with an approach that breathes life into the decades-old technique of password spraying. With threat actors increasingly using similar approaches in the wild, being able to compromise even the likes of Microsoft themselves, it is my opinion that red teams might benefit from incorporating some of these techniques into their initial access arsenal, or even in external perimeter security testing, to better emulate adversaries and challenge assumptions around initial access.
May 2, 2024, sunnychau
Advisory CVE-2023-43042 – IBM Backup Products Superuser Information Disclosure
Software: IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize products
Affected versions: 8.3
Vendor page: https://www.ibm.com/support/pages/node/7064976
CVE Reference: CVE-2023-43042
Published: 08/12/2023
CVSS 3.0 Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Credit: Max Corbridge
Summary
JUMPSEC’s Head of Adversarial Simulation (@CorbridgeMax) discovered that an unauthenticated user can determine whether the default superuser password has been changed on IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize products. These products were found to be a single point of failure for backup and disaster recovery processes within client environments, and as such are highly critical systems.
December 21, 2023, Max Corbridge
Red Teaming the Cloud: A Shift in Perspective
Introduction
Cloud adoption is exploding, and rightfully so. Businesses are seeing the value of improved agility and efficiency when leveraging public cloud, resulting in 60% of all corporate data globally being stored in the cloud in 2022. As such, securing the cloud is becoming an increasingly important skill for defensive security teams, ergo red teaming the cloud is becoming increasingly important for us offensive security teams too. Whilst on-premise red teaming is a rich, documented and well-understood topic, cloud red teaming is still in its infancy. This blog post will highlight some of the biggest differences between on-premise and cloud red teaming, and how red teamers must shift their perspective in the newest security frontier: the cloud.
December 19, 2023, Max Corbridge