Ever wondered what sort of exploits hit a honey pot server? In this week's blog post we dive into this question and do some malware analysis to understand what sort of exploits are being used out in the wild. Check it out: labs.jumpsec.com/adventures-and… #malware #honeypot

Tool Release! We've been having a lot of fun recently bypassing swathes of security controls using alternative web technologies to smuggle payloads right past mail security products. We've open-sourced the tool that we've been using to leverage WASM: github.com/JumpsecLabs/WA…

What happens when you give a red teamer a web application pentest? They shell it and write a custom DNS tunelling protocol to exfiltrate sensitive data 😎 Another great read this week: labs.jumpsec.com/whats-in-a-nam… #aws #lambda #DNS #exfil #custom #protocol

Practical steps and gotcha's for securing mail gateways can be found in this weeks labs post, from a JUMPSEC consultant - Check it out! labs.jumpsec.com/bullet-proofin… #SPF #DKIM #DMARC #phishing #protection

Check out a super streamlined approach to bringing up an entire operational C2 infrastructure in just 5 mins in this week labs post! labs.jumpsec.com/putting-the-c2… #C2 #infrastructure

Would you rather pop an on-premise application, or a cloud-hosted one? This week maxicorbs has explored the implications of cloud migration on application security. Check it out! labs.jumpsec.com/how-cloud-migr… #cloud #migration #redteam #appsec #AWS #Azure

Check out this week's labs post on the current state of initial access security controls, and some guidance on how to bypass them! #initialaccess #bypass #securitycontrols #redteam labs.jumpsec.com/adversary-at-t…

Blog Post: The process behind investigating a malicious USB stick which landed on a client's desk! This week's post is from our Detection and Response Team (DART). Check it out! labs.jumpsec.com/building-foren…

Stumbled on a rogue USB and wondered if it's safe to plug it in? Fear no more! Our DART's Part 2 guide on USB forensics provides a roadmap to analyze such devices safely!🫡 Check it out: labs.jumpsec.com/building-foren… #DFIR #DART #IR #soclife #detectionandresponse #infosec #rogueUSB

This week's blog post is about some TTPs that are as old as time itself, but continue to land us quick wins on engagements. Check out our modern approach to relaying attacks, and how to abuse them: labs.jumpsec.com/ntlm-relaying-…

Imagine the feeling of a long-forgotten canary token triggering in one of your client's estates, which leads you down a path to catch and remove a sophisticated red team... No need to imagine, as Umair has written up a blog: labs.jumpsec.com/active-cyber-d…

This week's blog is a practical guide to DLL Hijacking - check it out! labs.jumpsec.com/breaking-into-…

Learn more about Malicious Template Injection's in this week's blog post from our Detection and Response team! labs.jumpsec.com/weaponize-your…

This week is a foray into the world of disaster recovery, and the reasons that often prevent organisations from creating and battle hardening their Business Continuity Plans (BCPs): labs.jumpsec.com/bcp-as-easy-as…

Kicking-off a new year of LABS with BYOTB (Bring Your Own Trusted Binary) by our red teamer Dave - opening BSides London 2024 with this very talk! Read about using trusted binaries to tunnel through our target networks, circumventing EDR and more! labs.jumpsec.com/bring-your-own…

New from JUMPSEC LABS! 🚀 Our DART team member Dark3zT_h0ur breaks down MFA implementation options for organizations looking to protect against initial access threats & network breaches. 🔐Pros, cons & security rankings—check it out! 👇 labs.jumpsec.com/ranking-mfa-me… #mfam #DART #Labs

🚀 New tutorial from JUMPSEC! Learn how to set up a forward proxy with HAProxy that routes Tor through a VPN—all in Docker! 🔥🔒 #CyberSecurity #Privacy #Tor #VPN labs.jumpsec.com/tutorial-how-t…

🚨New #LABS #post🚨: Attackers exploiting health-themed lures to harvest data. Join Lili Lin in her IR hunting suspicious domains down & blocking them in our clients’ estates. Learn more 👇 labs.jumpsec.com/the-anatomy-of… #phishing #cybersecurity #infosec #threathunting

Microsoft is rolling out new email security changes. 📧 Our latest LABS post discusses the implications and offers a free tool to help you assess your setup. 🛠️ Stay ahead of the curve—read more here 👇 🔗 labs.jumpsec.com/a-closer-look-… #mailsec #infosec #cybersecurity #email #dnssec

🚨 New on LABS: Malware-as-a-Smart-Contract – Part 1 🚨 Attackers abusing BSC smart contracts & compromised WordPress to serve payloads via ClickFix. Malware in the browser, C2 via blockchain - wild stuff. Full breakdown by Lili Lin 👇 🔗labs.jumpsec.com/malware-as-a-s…