-
Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)
Summary: Lansweeper is an application that gathers hardware and software information of computers and other devices on a computer network for management and compliance and audit purposes. The application also encompasses a ticket based help desk system and capabilities for software updates on target devices. Location: http://[LANSWEEPER_URL]/configuration/HelpdeskUsers/HelpdeskusersActions.aspx Impact: An attacker with an existing user account… Read more
-
Online Casino Roulette – A guideline for penetration testers and security researchers
Introduction In recent years, the gaming industry has grown significantly, especially casino games and sports betting. Online casinos consolidate their position as one of the main sources of entertainment in many countries worldwide, which evidently involves a notable rise in their turnover. For instance, in Spain alone, the gaming industry generated revenue of around €4,567… Read more
-
Extending a Thinkst Canary to become an interactive honeypot
In this post we explore how to use the extensible nature of Thinkst Canary to build a high interaction honeypot.
-
StreamDivert: Relaying (specific) network connections
Author: Jelle Vergeer The first part of this blog will be the story of how this tool found it’s way into existence, the problems we faced and the thought process followed. The second part will be a more technical deep dive into the tool itself, how to use it, and how it works. Storytime About… Read more
-
Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review
In June 2020, the Electric Coin Company engaged NCC Group to conduct a security review of the six Zcash Improvement Proposals (ZIPs) that constitute the core of the upcoming Canopy (https://z.cash/upgrade/canopy/) upgrade (also called “NU4”) to the Zcash network. This upgrade coincides with the first Zcash halving and will initiate a new development fund for… Read more
-
Machine learning from idea to reality: a PowerShell case study
Detecting both ‘offensive’ and obfuscated PowerShell scripts in Splunk using Windows Event Log 4104 This blog provides a ‘look behind the scenes’ at the RIFT Data Science team and describes the process of moving from the need or an idea for research towards models that can be used in practice. More specifically, how known and… Read more
-
Conference Talks – September 2020
This month, NCC Group researchers will be presenting their work at the following conferences: Rami McCarthy, “AWS Security: Easy Wins and Enterprise Scale,” to be presented at BSides Boston (Virtual – September 26 2020) Dirk-Jan Mollema, “Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities,” to be presented at Black Hat… Read more
-
Whitepaper – Exploring the Security of KaiOS Mobile Applications
KaiOS is a mobile operating system, forked from the discontinued Firefox OS, in which all the mobile applications running on a KaiOS-based mobile device are built using web technologies, such as HTML, JavaScript, and CSS. In this independent research project, we demonstrate that six of the pre-installed mobile applications are vulnerable to remote, and local,… Read more
-
Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)
wolfSSL is a C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments. wolfSSL incorrectly implements the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers.
-
Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications
Multiple HTML injection vulnerabilities were found in several KaiOS mobile applications that are pre-installed on KaiOS mobile devices. The following vulnerabilities affected multiple KaiOS mobile devices: KaiOS Email Application HTML Injection (CVE-2019-14756) KaiOS Contacts Application HTML Injection (CVE-2019-14757) KaiOS File Manager Application HTML Injection (CVE-2019-14758) KaiOS Recorder Application HTML Injection (CVE-2019-14760) KaiOS Note Application HTML… Read more
-
Technical Advisory – FreePBX – Multiple Authenticated SQL Injections in UCP application
Summary: The User Control Panel (UCP) application is vulnerable to multiple authenticated SQL Injection vulnerabilities which can result in the compromise of administrative accounts as well as the PBX appliance itself. FreePBX has a sizable install base, with Shodan showing over 32 thousand public results for the Sangoma Apache server header. The UCP application in… Read more
-
Immortalising 20 Years of Epic Research
In December 2019 we launched this new technical security research blog site. As part of its launch we had cause to revisit our old blog website and found a myriad of forgotten whitepapers and conference presentations spanning NCC Group’s history (formation in 1999). Deeply nested on our old blog site we found over 200 whitepapers… Read more
-
Pairing over BLS12-381, Part 3: Pairing!
This is the last of three code-centric blog posts on pairing based cryptography. Support for these operations in an Ethereum precompiled contract has been proposed [1], and support for a related pairing configuration in precompiled contracts is already in operation [2, 3]. The first post [4] covered modular arithmetic, finite fields, the embedding degree, and… Read more
-
Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit
NCC Group was contracted by Google to conduct a security assessment of the Pixel 4, Pixel 4XL, and Pixel 4a devices. This assessment was specifically focused on determining whether the devices comply with the ioXt Android Profile based on the ioXt Security Pledge. This assessment was performed between July 28 and August 7, 2020. The Google… Read more
-
NCC Group researchers named amongst MSRC’s Most Valuable Security Researchers in 2020
Yesterday, the Microsoft Security Response Center announced their Most Valuable Security Researchers for 2020 (MVRs). This honour, awarded annually by Microsoft during Black Hat USA, is a part of MSRC’s Researcher Recognition program, and recognizes the top security researchers globally based upon the volume, accuracy, and impact of their vulnerability reports to Microsoft over the… Read more