NCC Group Research Home

  • On the Use of Pedersen Commitments for Confidential Payments

    June 15, 2021 by

    The increased adoption of financial blockchains has fueled a lot of cryptography research in recent years. One area of high interest is transaction confidentiality which requires hiding investors’ account balances and transaction amounts, while enforcing compliance rules and performing validity checks on all activities. This blog post will look at the Zether [2] protocol, which… Read more

  • Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes

    tl:dr Incremental Learning is an extremely useful machine learning paradigm for deriving insight into cyber security datasets. This post provides a simple example involving JA3 hashes showing how some of the foundational algorithms that enable incremental learning techniques can be applied to novelty detection (the first time something has happened) and outlier detection (rare events)… Read more

  • Testing Two-Factor Authentication

    June 10, 2021 by

    More and more applications we test are implementing some form of two-factor authentication (2FA, sometimes known as multi-factor authentication or MFA). This post provides a whirlwind tour of common 2FA mechanisms and detailed information on testing them. How does 2FA Work? The general concept behind two-factor authentication is the pairing of two different types of… Read more

  • Optimizing Pairing-Based Cryptography: Montgomery Arithmetic in Rust

    June 9, 2021 by

    This is the first blog post in a new code-centric series about selected optimizations found in pairing-based cryptography. Pairing operations are foundational to the BLS Signatures [1] central to Ethereum 2.0, zero-knowledge arguments central to Zcash and Filecoin [2], and a wide variety of other emerging applications. A prior blog series implemented the entire pairing… Read more

  • Conference Talks – June 2021

    June 5, 2021 by

    This month, members of NCC Group will be presenting their work at the following conferences: Dirk-Jan Mollema, “Walking your dog in multiple forests – Breaking AD Trust Boundaries Through Kerberos Vulnerabilities”, to be presented in a Black Hat Webcast (Virtual, June 3 2021) Michael Gough, “Incident Response Fails – What we see with our clients,… Read more

  • Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review

    June 4, 2021 by

    During April 2021, Protocol Labs engaged NCC Group’s Cryptography Services team to conduct a cryptography and implementation review of the Groth16 proof aggregation functionality in the bellperson and two other related GitHub repositories. This code utilizes inner product arguments to efficiently aggregate existing Groth16 proofs while re-using existing powers of tau ceremony transcripts. Full source… Read more

  • iOS User Enrollment and Trusted Certificates

    June 4, 2021 by

    tl;dr The User Enrollment MDM option added with iOS 13 does not restrict MDM-deployed certificates to MDM-deployed applications, and in the absence of additional controls such as certificate pinning these certificates are, surprisingly, trusted by personally installed apps. When using User Enrollment on the organization’s Wi-Fi, it is possible for a Corporate Intrusion Detection System… Read more

  • Supply Chain Security Begins with Secure Software Development

    May 20, 2021 by

    Component-based Software Development Supply chain security is a complex problem that needs to be solved to before we can gain confidence in the quality of the software systems we depend upon. In July 2001, Addison-Wesley Professional  published the Building Systems from Commercial Components book I coauthored with Kurt Wallnau and Scott Hissam. Building software from commercial and open… Read more

  • Toxic Tokens: Using UUIDs for Authorization is Dangerous (even if they’re cryptographically random)

    May 10, 2021 by

    Authorization vulnerabilities continue to be one of the largest and most difficult to remediate classes of vulnerabilities that affect web applications. Compared to other vulnerability classes like XSS or SQL injection, there are no frameworks or design patterns which can be used to prevent authorization flaws at a fundamental level (although this is an area… Read more

  • Public Report – Dell Secured Component Verification

    May 5, 2021 by

    During February 2021, Dell engaged NCC Group to conduct a security assessment of their supply chain security functionality and related and supportive foundational security functionality on 14th and 15th generation Dell servers. Documentation and source code was provided as well as access to a running lab server via network access, with access to both the… Read more

  • RM3 – Curiosities of the wildest banking malware

    by fumik0_ & the RIFT TL:DR Our Research and Intelligence Fusion Team have been tracking the Gozi variant RM3 for close to 30 months. In this post we provide some history, analysis and observations on this most pernicious family of banking malware targeting Oceania, the UK, Germany and Italy.  We’ll start with an overview of its origins and current operations before providing a deep dive technical analysis… Read more

  • Conference Talks – May 2021

    April 30, 2021 by

    This month, members of NCC Group will be presenting their work at the following conferences: Sourya Biswas, “Psychology of the Phish: Leveraging the Seven Principles of Influence”, to be presented at ISACA Conference North America (Virtual – May 5 2021) Sourya Biswas, “Cybersecurity is War: Lessons from Historical Conflicts”, to be presented at Secure360 (Virtual… Read more

View all posts