Latest Articles
VECTR for Purple Team Engagements
Introduction: As anyone who has conducted a lengthy purple team engagement will tell you, logging and centralising the huge amount of data from these engagements can quickly become overwhelming. In the past we have seen attempts to use generic productivity software, such as Sharepoint, to track the huge number of activities and logs generated by both the red and blue teams. However, as you can imagine, shoehorning large quantities of engagement data from two teams with different operating procedures into a single application not built for this purpose can be…tricky.
September 29, 2023, francescoiulio
Advisory: IDOR in Microsoft Teams Allows for External Tenants to Introduce Malware
TL;DR: Max Corbridge (@CorbridgeMax) and Tom Ellson (@tde_sec) of JUMPSEC’s Red Team recently discovered a vulnerability in the latest version of Microsoft Teams which allows for the possible introduction of malware into any organisation using Microsoft Teams in its default configuration. This is done by bypassing client-side security controls which prevent external tenants from sending files (malware in this case) to staff in your organisation. JUMPSEC has detailed remediation options, as well as some detection opportunities.
June 21, 2023, Max Corbridge
Hunting the Snake: An Overview of Threat Hunting with Velociraptor
In May 2023 the NCSC and CISA released a joint cyber security advisory addressing a piece of Russian malware called Snake. According to them, this malware has been gathering intelligence for the FSB in more than 50 countries for the last 20 years. Off the back of this advisory, JUMPSEC decided to perform a number of threat hunts to provide assurance for some of our clients. Whilst conducting these hunts, we thought it would be beneficial to share the high-level methodology in the form of a blog post, to encourage other security professionals to proactively search for emerging threats in their infrastructure. This post will show that whilst a rich understanding of malware, TTPs, and threat hunting would certainly be beneficial, it is not a hard requirement for getting started with your first hunt. Using free open-source tooling such as Velociraptor, anyone can get started.
June 19, 2023, francescoiulio