-
Cracking Random Number Generators using Machine Learning – Part 1: xorshift128
Outline 1. Introduction 2. How does xorshift128 PRNG work? 3. Neural Networks and XOR gates 4. Using Neural Networks to model the xorshift128 PRNG 4.1 Neural Network Model Design 4.2 Model Results 4.3 Model Deep Dive 5. Creating a machine-learning-resistant version of xorshift128 6. Conclusion 1. Introduction This blog post proposes an approach to crack Pseudo-Random… Read more
-
NCC Group placed first in global 5G Cyber Security Hack competition
In June of this year, Traficom – the Finnish transport and communications agency – along with the Aalto University, Cisco, Ericsson, Nokia, and PwC, organized the 5G Cyber Security Hack competition. A similar event was organised in November 2019 in Oulu, Finland and this hackathon-style event was a follow-up to their successful 2019 event. Due… Read more
-
Paradoxical Compression with Verifiable Delay Functions
We present here a new construction which has no real immediate usefulness, but is a good illustration of a fundamental concept of cryptography, namely that there is a great difference between knowing that some mathematical object exists, and being able to build it in practice. Thus, this construction can be thought of as having some… Read more
-
A Look At Some Real-World Obfuscation Techniques
Among the variety of penetration testing engagements NCC Group delivers, some – often within the gaming industry – require performing the assignment in a blackbox fashion against an obfuscated binary, and the client’s priorities revolve more around evaluating the strength of their obfuscation against content protection violations, rather than exercising the application’s security boundaries. The… Read more
-
SnapMC skips ransomware, steals data
Over the past few months NCC Group has observed an increasing number of data breach extortion cases, where the attacker steals data and threatens to publish said data online if the victim decides not to pay. Given the current threat landscape, most notable is the absence of ransomware or any technical attempt at disrupting the… Read more
-
The Challenges of Fuzzing 5G Protocols
If you have ever looked at fuzzing in any depth you will quickly realize it’s not as trivial as it first appears. There are many different types of fuzzers, but here we are focused on network fuzzers. These fuzzers are of particular interest as they are most suited to fuzzing telecoms products/protocols, where the application… Read more
-
Reverse engineering and decrypting CyberArk vault credential files
Author: Jelle Vergeer This blog will be a technical deep-dive into CyberArk credential files and how the credentials stored in these files are encrypted and decrypted. I discovered it was possible to reverse engineer the encryption and key generation algorithms and decrypt the encrypted vault password. I also provide a python implementation to decrypt the… Read more
-
Technical Advisory – Open5GS Stack Buffer Overflow During PFCP Session Establishment on UPF (CVE-2021-41794)
Summary When connecting to the UPF port for the PFCP protocol (8805) and sending an Association Setup Request followed by a Session Establishment Request with a PDI Network Instance set to ‘internet’, it causes a stack corruption to occur. Impact Exploitation of this vulnerability would lead to denial of service for the subscriber’s equipment. Details… Read more
-
Assessing the security and privacy of Vaccine Passports
There has been a lot of development lately in the field of health credentials, especially in the field of vaccine credentials. This has largely been driven by a perceived need to track and validate an individual’s vaccination status with respect to COVID-19. This post attempts to explore the security and privacy concerns related with vaccine… Read more
-
Technical Advisory – NULL Pointer Derefence in McAfee Drive Encryption (CVE-2021-23893)
Summary McAfee’s Complete Data Protection package contained the Drive Encryption (DE) software. This software was used to transparently encrypt the drive contents. The versions prior to 7.3.0 HF1 had a vulnerability in the kernel driver MfeEpePC.sys that could be exploited on certain Windows systems for privilege escalation or DoS. Impact Privilege Escalation vulnerability in a… Read more
-
Conference Talks – October 2021
This month, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick & external panelists, “Threatscape 2023 and Beyond: AI, Deep Fakes and Other Unexpected Challenges”, to be presented at MapleSec (Oct 6 2021) Damon Small, “Which security role is right for me?”, to be presented at Shellcon (Oct 8 2021) Brian Hong ,… Read more
-
Technical Advisory – Garuda Linux Insecure User Creation (CVE-2021-3784)
Summary Garuda is a modern Linux distribution based on Arch Linux with nice blur effects and icons. Garuda Linux performs an insecure user creation and authentication, that allows a local attacker to impersonate a user account while it is being created. The user is created in two steps: First the user is created without password and without any account… Read more
-
Detecting and Hunting for the PetitPotam NTLM Relay Attack
Overview During the week of July 19th, 2021, information security researchers published a proof of concept tool named “PetitPotam” that exploits a flaw in Microsoft Windows Active Directory Certificate Servers with an NTLM relay attack. The flaw allows an attacker to gain administrative privileges of an Active Directory Certificate Server once on the network with… Read more
-
Technical Advisory: PDFTron JavaScript URLs Allowed in WebViewer UI (CVE-2021-39307)
Summary PDFTron’s WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code. Impact An attacker could steal a victim’s session tokens, log their keystrokes, steal private data, or perform privileged actions in the context of a victim’s session. Details JavaScript URLs are… Read more
-
Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly
This is the second blog post in a new code-centric series about selected optimizations found in pairing-based cryptography. Pairing operations are foundational to the BLS Signatures central to Ethereum 2.0, the zero-knowledge arguments underpinning Filecoin, and a wide variety of other emerging applications. While my prior blog series, “Pairing over BLS12-381,” implemented the entire pairing… Read more