NCC Group Research

Exploring DeepFake Capabilities & Mitigation Strategies with University College London

June 1, 2020 by Matt Lewis

Overview NCC Group is an industry partner for University College London’s (UCL) Centre for Doctoral Training in Data Intensive Science (CDT in DIS). The UCL CDT in DIS encompasses a wide range of areas in the field of ‘big-data’ including the collection, storage and analysis of large datasets, as well as the use of complex… Read more
Game Security

May 29, 2020 by Richard Appleby

This blog post provides an overview of cheating and anti-cheat methods in electronic games. NCC Group has previously looked at cheating, and found ways to bypass anti-cheat, but this is more of an overview. It doesn’t contain details on particular games or companies. Cheats are specific to individual games and individual game companies handle cheat… Read more
Exploring macOS Calendar Alerts: Part 2 – Exfiltrating data (CVE-2020-3882)

May 28, 2020 by Andy Grant

Using a carefully crafted calendar event, an attacker can retrieve semi-arbitrary files from a target victim’s macOS system, all the victim has to do is click on an invite.
Research Report – Zephyr and MCUboot Security Assessment

May 26, 2020 by Jeremy Boone

Over the years, NCC Group has audited countless embedded devices for our customers. Through these security assessments, we have observed that IoT devices are typically built using a hodgepodge of chipset vendor board support packages (BSP), bootloaders, SDKs, and an established Real Time Operating System (RTOS) such as Mbed or FreeRTOS. However, we have recently… Read more
CVE-2018-8611 Exploiting Windows KTM Part 5/5 – Vulnerability detection and a better read/write primitive

May 25, 2020 by Aaron Adams

The fifth and final blog posts exploring the detailed exploitation of CVE-2018-8611.
CVE-2018-8611 Exploiting Windows KTM Part 4/5 – From race win to kernel read and write primitive

May 18, 2020 by Aaron Adams

The fourth of five blog posts exploring the detailed exploitation of CVE-2018-8611.
Using SharePoint as a Phishing Platform

May 14, 2020 by David Cash

Introduction The rise of endpoint protection and the use of mobile operating systems has created additional challenges when targeting corporate users with phishing payloads designed to execute code on their endpoint device. Credential capture campaigns offer an alternative chance to leverage remote working solutions such as VPNs or Desktop Gateways in order to gain access… Read more
Public Report – Coda Cryptographic Review

May 13, 2020 by Jennifer Fernick

During the spring of 2020, O(1) Labs engaged NCC Group to conduct a cryptographic assessment of Coda Protocol. This cryptocurrency leverages state-of-the art cryptographic constructions to provide traditional cryptocurrency applications with a more lightweight blockchain. This assessment focused on the core cryptographic primitives as well as the overlaid protocol. The O(1) Labs team provided source… Read more
Shell Arithmetic Expansion and Evaluation Abuse

May 12, 2020 by Balazs Bucsay

Introduction Recently we came across a class of vulnerability that was discovered some time ago yet is not very well known, despite the potential impact of its discovery and exploitation being critical. During the (re)discovery of this type of bug we managed to get a privileged shell on a Linux-based appliance that only presented a… Read more
CVE-2018-8611 Exploiting Windows KTM Part 3/5 – Triggering the race condition and debugging tricks

May 11, 2020 by Aaron Adams

The third of five blog posts exploring the detailed exploitation of CVE-2018-8611.
Tool Release – Socks Over RDP

May 6, 2020 by Balazs Bucsay

Introduction Remote Desktop Protocol (RDP) is used to create an interactive session on a remote Windows machine. This is a widely used protocol mostly used by Administrators to remotely access the resources of the operating system or network based services. As penetration testers we frequently find ourselves in a situation where the only access that… Read more
Exploring macOS Calendar Alerts: Part 1 – Attempting to execute code

May 5, 2020 by Andy Grant

This post explores the potential abuse of some features within the macOS Calendar application. It covers multiple attack paths that could lead to code execution and discusses the protections Apple has in place to mitigate them.
CVE-2018-8611 Exploiting Windows KTM Part 2/5 – Patch analysis and basic triggering

May 4, 2020 by Aaron Adams

The second of five blog posts exploring the detailed exploitation of CVE-2018-8611.
Practical Machine Learning for Random (Filename) Detection

April 29, 2020 by Liam Stevenson

There is much hyperbole around machine learning and artificial intelligence in Managed Detection & Response. We detail when to apply and what reasonable results can be achieved on a specific real-world problem.
Curve9767 and Fast Signature Verification

April 28, 2020 by Thomas Pornin

This post is about elliptic curves as they are used in cryptography, in particular for signatures. There are many ways to define specific elliptic curves that strive to offer a good balance between security and performance; here, I am talking about specific contributions of mine: a new curve definition, and some algorithmic improvements that target… Read more

View all posts