NCC Group Research Home

  • Conference Talks – January 2020

    January 2, 2020 by

    This month, in addition to the several dozen technical talks and trainings our researchers will offer at our internal conferences, NCC CON US and NCC CON Europe, two NCC Group researchers will also be presenting work publicly: Clint Gibler, “DevSecOps State of the Union v2.0,” presented at AppSec Cali (Santa Monica, CA – January 22-24… Read more

  • Passive Decryption of Ethereum Peer-to-Peer Traffic

    December 20, 2019 by

    Ethereum, a popular cryptocurrency, utilizes a P2P flood network overlay
    protocol in order to propagate new transactions and state around the network. As has been shown in previous works[^1][^2], observing the propagation of transactions through the peer-to-peer network layer is often enough to deanonymize users of cryptocurrency networks…. Read More

  • On Linux's Random Number Generation

    December 19, 2019 by

    I have been asked about the usefulness of security monitoring of entropy levels in the Linux kernel. This calls for some explanation of how random generation works in Linux systems. So, randomness and the Linux kernel. This is an area where there is longstanding confusion, notably among some Linux kernel developers, including Linus Torvalds himself.… Read more

  • Demystifying AWS' AssumeRole and sts:ExternalId

    December 18, 2019 by

    Amazon Web Services’ AssumeRole operation accepts an optional parameter called “sts:ExternalId” which is intended to mitigate certain types of attacks. However, both the attacks that sts:ExternalId mitigates and how to properly use it are widely misunderstood, resulting in large numbers of vulnerable AWS-based applications. This post aims to describe what std:ExternalId does, when to use… Read more

  • Welcome to the new NCC Group Global Research blog

    December 18, 2019 by

    Welcome to the new NCC Group Global Research blog. Here we will share blog posts on a range of technical topics that our consultants are thinking about, and on NCC Group’s research projects, papers, presentations, and tools from around the globe. 

View all posts